| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <YdHk/EH8LvusqRn+@owl.dominikbrodowski.net>
Date: Sun, 2 Jan 2022 18:46:36 +0100
From: Dominik Brodowski <linux@...inikbrodowski.net>
To: Zhou Qingyang <zhou1615@....edu>
Cc: kjlu@....edu, Lee Jones <lee.jones@...aro.org>,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] pcmcia: rsrc_nonstatic: Fix a NULL pointer dereference
in __nonstatic_find_io_region()
Am Wed, Dec 01, 2021 at 12:59:23AM +0800 schrieb Zhou Qingyang:
> In __nonstatic_find_io_region(), pcmcia_make_resource() is assigned to
> res and used in pci_bus_alloc_resource(). There is a dereference of res
> in pci_bus_alloc_resource(), which could lead to a NULL pointer
> dereference on failure of pcmcia_make_resource().
>
> Fix this bug by adding a check of res.
>
> This bug was found by a static analyzer. The analysis employs
> differential checking to identify inconsistent security operations
> (e.g., checks or kfrees) between two code paths and confirms that the
> inconsistent operations are not recovered in the current function or
> the callers, so they constitute bugs.
>
> Note that, as a bug found by static analysis, it can be a false
> positive or hard to trigger. Multiple researchers have cross-reviewed
> the bug.
>
> Builds with ONFIG_PCCARD_NONSTATIC=y show no new warnings,
> and our static analyzer no longer warns about this code.
>
> Fixes: 49b1153adfe1 ("pcmcia: move all pcmcia_resource_ops providers into one module")
> Signed-off-by: Zhou Qingyang <zhou1615@....edu>
Although pcmcica_make_resource() will not fail, as the requested size is so
small: Applied to pcmcia-next.
Thanks,
Dominik
Powered by blists - more mailing lists