lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 18 Oct 2021 12:31:28 -0600
From:   Tim Gardner <tim.gardner@...onical.com>
To:     linux-s390@...r.kernel.org
Cc:     tim.gardner@...onical.com, Karsten Graul <kgraul@...ux.ibm.com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: [PATCH][linux-next] net/smc: prevent NULL dereference in smc_find_rdma_v2_device_serv()

Coverity complains of a possible NULL dereference in smc_find_rdma_v2_device_serv().

1782        smc_v2_ext = smc_get_clc_v2_ext(pclc);
CID 121151 (#1 of 1): Dereference null return value (NULL_RETURNS)
5. dereference: Dereferencing a pointer that might be NULL smc_v2_ext when calling smc_clc_match_eid. [show details]
1783        if (!smc_clc_match_eid(ini->negotiated_eid, smc_v2_ext, NULL, NULL))
1784                goto not_found;

Fix this by checking for NULL.

Fixes: e49300a6bf621 ("net/smc: add listen processing for SMC-Rv2")
Cc: Karsten Graul <kgraul@...ux.ibm.com>
Cc: "David S. Miller" <davem@...emloft.net>
Cc: Jakub Kicinski <kuba@...nel.org>
Cc: linux-s390@...r.kernel.org
Cc: netdev@...r.kernel.org
Cc: linux-kernel@...r.kernel.org
Signed-off-by: Tim Gardner <tim.gardner@...onical.com>
---
 net/smc/af_smc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 5e50e007a7da..ff23d5b40793 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -1780,7 +1780,7 @@ static void smc_find_rdma_v2_device_serv(struct smc_sock *new_smc,
 		goto not_found;
 
 	smc_v2_ext = smc_get_clc_v2_ext(pclc);
-	if (!smc_clc_match_eid(ini->negotiated_eid, smc_v2_ext, NULL, NULL))
+	if (!smc_v2_ext || !smc_clc_match_eid(ini->negotiated_eid, smc_v2_ext, NULL, NULL))
 		goto not_found;
 
 	/* prepare RDMA check */
-- 
2.33.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ