| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20220908175615.5095-1-jilin@nvidia.com>
Date: Fri, 9 Sep 2022 01:56:15 +0800
From: Jim Lin <jilin@...dia.com>
To: <balbi@...nel.org>, <gregkh@...uxfoundation.org>
CC: <linux-usb@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
Jim Lin <jilin@...dia.com>,
Aniruddha TVS Rao <anrao@...dia.com>
Subject: [PATCH] usb: gadget: rndis: Avoid dereference before NULL check
NULL check is performed after params->dev is dereferenced in
dev_get_stats.
Fixed by adding a NULL check before dereferencing params->dev and
removing subsequent NULL checks for it.
Signed-off-by: Aniruddha TVS Rao <anrao@...dia.com>
Signed-off-by: Jim Lin <jilin@...dia.com>
---
drivers/usb/gadget/function/rndis.c | 37 ++++++++++++-----------------
1 file changed, 15 insertions(+), 22 deletions(-)
diff --git a/drivers/usb/gadget/function/rndis.c b/drivers/usb/gadget/function/rndis.c
index 64de9f1b874c..d2f18f34c8e5 100644
--- a/drivers/usb/gadget/function/rndis.c
+++ b/drivers/usb/gadget/function/rndis.c
@@ -198,6 +198,9 @@ static int gen_ndis_query_resp(struct rndis_params *params, u32 OID, u8 *buf,
outbuf = (__le32 *)&resp[1];
resp->InformationBufferOffset = cpu_to_le32(16);
+ if (!params->dev)
+ return -ENODEV;
+
net = params->dev;
stats = dev_get_stats(net, &temp);
@@ -246,10 +249,8 @@ static int gen_ndis_query_resp(struct rndis_params *params, u32 OID, u8 *buf,
/* mandatory */
case RNDIS_OID_GEN_MAXIMUM_FRAME_SIZE:
pr_debug("%s: RNDIS_OID_GEN_MAXIMUM_FRAME_SIZE\n", __func__);
- if (params->dev) {
- *outbuf = cpu_to_le32(params->dev->mtu);
- retval = 0;
- }
+ *outbuf = cpu_to_le32(params->dev->mtu);
+ retval = 0;
break;
/* mandatory */
@@ -266,19 +267,15 @@ static int gen_ndis_query_resp(struct rndis_params *params, u32 OID, u8 *buf,
/* mandatory */
case RNDIS_OID_GEN_TRANSMIT_BLOCK_SIZE:
pr_debug("%s: RNDIS_OID_GEN_TRANSMIT_BLOCK_SIZE\n", __func__);
- if (params->dev) {
- *outbuf = cpu_to_le32(params->dev->mtu);
- retval = 0;
- }
+ *outbuf = cpu_to_le32(params->dev->mtu);
+ retval = 0;
break;
/* mandatory */
case RNDIS_OID_GEN_RECEIVE_BLOCK_SIZE:
pr_debug("%s: RNDIS_OID_GEN_RECEIVE_BLOCK_SIZE\n", __func__);
- if (params->dev) {
- *outbuf = cpu_to_le32(params->dev->mtu);
- retval = 0;
- }
+ *outbuf = cpu_to_le32(params->dev->mtu);
+ retval = 0;
break;
/* mandatory */
@@ -405,21 +402,17 @@ static int gen_ndis_query_resp(struct rndis_params *params, u32 OID, u8 *buf,
/* mandatory */
case RNDIS_OID_802_3_PERMANENT_ADDRESS:
pr_debug("%s: RNDIS_OID_802_3_PERMANENT_ADDRESS\n", __func__);
- if (params->dev) {
- length = ETH_ALEN;
- memcpy(outbuf, params->host_mac, length);
- retval = 0;
- }
+ length = ETH_ALEN;
+ memcpy(outbuf, params->host_mac, length);
+ retval = 0;
break;
/* mandatory */
case RNDIS_OID_802_3_CURRENT_ADDRESS:
pr_debug("%s: RNDIS_OID_802_3_CURRENT_ADDRESS\n", __func__);
- if (params->dev) {
- length = ETH_ALEN;
- memcpy(outbuf, params->host_mac, length);
- retval = 0;
- }
+ length = ETH_ALEN;
+ memcpy(outbuf, params->host_mac, length);
+ retval = 0;
break;
/* mandatory */
--
2.17.1
Powered by blists - more mailing lists