| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 10 Aug 2021 08:04:04 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Tuo Li <islituo@...il.com>
Cc: sridhar.samudrala@...el.com, davem@...emloft.net,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
baijiaju1990@...il.com, TOTE Robot <oslab@...nghua.edu.cn>
Subject: Re: [PATCH] net: core: Fix possible null-pointer dereference in
failover_slave_register()
On Tue, 10 Aug 2021 02:18:00 -0700 Tuo Li wrote:
> The variable fops is checked in:
> if (fops && fops->slave_pre_register &&
> fops->slave_pre_register(slave_dev, failover_dev))
>
> This indicates that it can be NULL.
> However, it is dereferenced when calling netdev_rx_handler_register():
> err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
> failover_dev);
>
> To fix this possible null-pointer dereference, check fops first, and if
> it is NULL, assign -EINVAL to err.
The other fops checks look like defensive programming. I don't see
anywhere where fops would be cleared, and all callers pass it to
register().
Powered by blists - more mailing lists