lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 20 Sep 2021 10:45:03 -0700
From:   Mark Gross <markgross@...nel.org>
To:     Arnd Bergmann <arnd@...nel.org>
Cc:     Matan Ziv-Av <matan@...alib.org>,
        Hans de Goede <hdegoede@...hat.com>,
        Mark Gross <mgross@...ux.intel.com>,
        Arnd Bergmann <arnd@...db.de>,
        "Rafael J. Wysocki" <rafael.j.wysocki@...el.com>,
        platform-driver-x86@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] platform/x86: lg-laptop: Fix possible NULL pointer
 derefence

On Mon, Sep 20, 2021 at 11:55:50AM +0200, Arnd Bergmann wrote:
> From: Arnd Bergmann <arnd@...db.de>
> 
> When CONFIG_DMI is disabled, dmi_get_system_info() returns a NULL
> pointer, which is now caught by a warning:
> 
> In function 'strlen',
>     inlined from 'acpi_add.part.0' at drivers/platform/x86/lg-laptop.c:658:6:
> include/linux/fortify-string.h:25:33: error: argument 1 null where non-null expected [-Werror=nonnull]
>    25 | #define __underlying_strlen     __builtin_strlen
>       |                                 ^
> include/linux/fortify-string.h:60:24: note: in expansion of macro '__underlying_strlen'
>    60 |                 return __underlying_strlen(p);
>       |                        ^~~~~~~~~~~~~~~~~~~
> drivers/platform/x86/lg-laptop.c: In function 'acpi_add.part.0':
> include/linux/fortify-string.h:25:33: note: in a call to built-in function '__builtin_strlen'
>    25 | #define __underlying_strlen     __builtin_strlen
>       |                                 ^
> include/linux/fortify-string.h:60:24: note: in expansion of macro '__underlying_strlen'
>    60 |                 return __underlying_strlen(p);
>       |                        ^~~~~~~~~~~~~~~~~~~
> 
> The code in there does not appear essential, so an explicit
> NULL check should be sufficient. The string is also printed
> to the console, but printk() is able to handle NULL pointer
> arguments gracefully.
> 
> Fixes: 8983bfd58d61 ("platform/x86: lg-laptop: Support for battery charge limit on newer models")
> Signed-off-by: Arnd Bergmann <arnd@...db.de>
> ---
>  drivers/platform/x86/lg-laptop.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/drivers/platform/x86/lg-laptop.c b/drivers/platform/x86/lg-laptop.c
> index 3e520d5bca07..88b551caeaaf 100644
> --- a/drivers/platform/x86/lg-laptop.c
> +++ b/drivers/platform/x86/lg-laptop.c
> @@ -655,7 +655,7 @@ static int acpi_add(struct acpi_device *device)
>  		goto out_platform_registered;
>  	}
>  	product = dmi_get_system_info(DMI_PRODUCT_NAME);
> -	if (strlen(product) > 4)
> +	if (product && strlen(product) > 4)
seems appropriate.

--mark
>  		switch (product[4]) {
>  		case '5':
>  		case '6':
> -- 
> 2.29.2
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ