| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 18 Aug 2022 15:00:50 +0300 (EEST)
From: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
To: Vincent Whitchurch <vincent.whitchurch@...s.com>
cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jiri Slaby <jirislaby@...nel.org>, kernel@...s.com,
Andy Shevchenko <andy.shevchenko@...il.com>,
LKML <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2] tty: Fix lookahead_buf crash with serdev
On Thu, 18 Aug 2022, Vincent Whitchurch wrote:
> Do not follow a NULL pointer if the tty_port_client_operations does not
> implement the ->lookahead_buf() callback, which is the case with
> serdev's ttyport.
>
> Fixes: 6bb6fa6908ebd3 ("tty: Implement lookahead to process XON/XOFF timely")
> Signed-off-by: Vincent Whitchurch <vincent.whitchurch@...s.com>
Reviewed-by: Ilpo Järvinen <ilpo.jarvinen@...ux.intel.com>
--
i.
> ---
>
> Notes:
> v2: Move more stuff into if block.
>
> drivers/tty/tty_buffer.c | 14 +++++++++-----
> 1 file changed, 9 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/tty/tty_buffer.c b/drivers/tty/tty_buffer.c
> index 9fdecc795b6b..5e287dedce01 100644
> --- a/drivers/tty/tty_buffer.c
> +++ b/drivers/tty/tty_buffer.c
> @@ -470,7 +470,6 @@ static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head)
>
> while (head) {
> struct tty_buffer *next;
> - unsigned char *p, *f = NULL;
> unsigned int count;
>
> /*
> @@ -489,11 +488,16 @@ static void lookahead_bufs(struct tty_port *port, struct tty_buffer *head)
> continue;
> }
>
> - p = char_buf_ptr(head, head->lookahead);
> - if (~head->flags & TTYB_NORMAL)
> - f = flag_buf_ptr(head, head->lookahead);
> + if (port->client_ops->lookahead_buf) {
> + unsigned char *p, *f = NULL;
> +
> + p = char_buf_ptr(head, head->lookahead);
> + if (~head->flags & TTYB_NORMAL)
> + f = flag_buf_ptr(head, head->lookahead);
> +
> + port->client_ops->lookahead_buf(port, p, f, count);
> + }
>
> - port->client_ops->lookahead_buf(port, p, f, count);
> head->lookahead += count;
> }
> }
>
Powered by blists - more mailing lists