| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y8IP5JJW/wPy/Wb4@ZenIV>
Date: Sat, 14 Jan 2023 02:13:56 +0000
From: Al Viro <viro@...iv.linux.org.uk>
To: Jia-Ju Bai <baijiaju1990@...il.com>
Cc: almaz.alexandrovich@...agon-software.com, edward.lo@...ergroup.io,
ntfs3@...ts.linux.dev, linux-kernel@...r.kernel.org,
TOTE Robot <oslab@...nghua.edu.cn>
Subject: Re: [PATCH resend] fs: ntfs3: Add check for mft_ni in mi_read()
On Sat, Jan 14, 2023 at 09:54:41AM +0800, Jia-Ju Bai wrote:
> In a previous commit 2681631c2973, the parameter ni of
> attr_load_runs_vcn() can be NULL, and thus a NULL check is added.
>
> However, in the same call stack, this variable is also dereferenced in
> mi_read():
>
> mi_read()
> ni_lock(mft_ni);
> attr_load_runs_vcn(mft_ni)
> if (ni) -> Add a check by previous commit (ni is mft_ni)
> ni_unlock(mft_ni);
>
> Thus, to avoid possible null-pointer dereferences, mft_ni should be
> also checked in mi_read().
>
> These results are reported by a static tool designed by myself
No, it should not. ni_lock(mft_ni) is called only if rw_lock
is not NULL. The only assignment of non-NULL to that variable is
here:
if (is_mounted(sbi)) {
if (!is_mft) {
rw_lock = &mft_ni->file.run_lock;
down_read(rw_lock);
}
}
Note that it would have already oopsed had mft_ni been NULL.
The logics might or might not be wrong there, but could we please
stop obfuscating it by checks piled higher and deeper just in case?
Incidentally, I hope the pattern that triggered here is not
f() checks for its argument being NULL, one of the callers of f() passes it a pointer
therefore that pointer might be NULL
for obvious reasons...
Powered by blists - more mailing lists