lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 28 Oct 2021 09:24:12 +0800
From:   Zhou Wang <wangzhou1@...ilicon.com>
To:     YE Chengfeng <cyeaa@...nect.ust.hk>,
        "herbert@...dor.apana.org.au" <herbert@...dor.apana.org.au>,
        "davem@...emloft.net" <davem@...emloft.net>
CC:     "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: drivers/crypto: suspected missing null check in hisi_qm_pre_init

> Hi,
> 
> https://github.com/torvalds/linux/blob/master/drivers/crypto/hisilicon/qm.c#L3286
> 
> We notice that at #line 3286, the return pointer of ACPI_COMPANION is not null-checked, and then it's dereferenced in acpi_device_power_manageable. Seems that it could be a potential null-pointer-dereference issue.
> 
> This is detected by our experimental static analysis tool, it could be false positive, so we manually check and report those we think may be true bugs. Would you like to have a look at them? If it's real bug, we could like to provide patch to ease your workflow.

Hi Chengfeng,

It will reture NULL when ACPI is disabled, however this driver deponds on
ACPI, which is already set in Kconfig. So no need do null-checked here.

Thanks,
Zhou

> 
> Thanks so much,
> Chengfeng
> .
> 

Powered by blists - more mailing lists