lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 26 Oct 2021 09:07:43 +0000 From: YE Chengfeng <cyeaa@...nect.ust.hk> To: "herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>, "davem@...emloft.net" <davem@...emloft.net>, "nicolas.ferre@...rochip.com" <nicolas.ferre@...rochip.com>, "alexandre.belloni@...tlin.com" <alexandre.belloni@...tlin.com>, "ludovic.desroches@...rochip.com" <ludovic.desroches@...rochip.com> CC: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org> Subject: drivers/crypto: suspected null-pointer dereference at atmel_sha_init Hi, https://github.com/torvalds/linux/blob/master/drivers/crypto/atmel-sha.c#L431 We notice that the return pointer of atmel_sha_find_dev could be null, and it seems that null-check is missing at #line 431. If it returns null pointer, there will be a null pointer dereference problem at #line 437. We check that other call sites of this interface perform null-check, while this doesn't, so we suspect that this could be a problem. This is detected by our experimental static analysis tool, it could be false positive, so we manually check and report those we think may be true bugs. Would you like to have a look at them? Thanks so much, Chengfeng
Powered by blists - more mailing lists