| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230614151246.116391-1-cymi20@fudan.edu.cn>
Date: Wed, 14 Jun 2023 08:12:46 -0700
From: Chenyuan Mi <cymi20@...an.edu.cn>
To: axboe@...nel.dk
Cc: asml.silence@...il.com, io-uring@...r.kernel.org,
linux-kernel@...r.kernel.org, Chenyuan Mi <cymi20@...an.edu.cn>
Subject: [PATCH] io_uring/kbuf: fix missing check for return value of io_buffer_get_list()
The io_buffer_get_list() function may return NULL, which may
cause null pointer deference, and other callsites of
io_buffer_get_list() all do Null check. Add Null check for
return value of io_buffer_get_list().
Found by our static analysis tool.
Signed-off-by: Chenyuan Mi <cymi20@...an.edu.cn>
---
io_uring/kbuf.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/io_uring/kbuf.c b/io_uring/kbuf.c
index 2f0181521c98..d209a0a9e337 100644
--- a/io_uring/kbuf.c
+++ b/io_uring/kbuf.c
@@ -66,9 +66,11 @@ void io_kbuf_recycle_legacy(struct io_kiocb *req, unsigned issue_flags)
buf = req->kbuf;
bl = io_buffer_get_list(ctx, buf->bgid);
- list_add(&buf->list, &bl->buf_list);
- req->flags &= ~REQ_F_BUFFER_SELECTED;
- req->buf_index = buf->bgid;
+ if (likely(bl)) {
+ list_add(&buf->list, &bl->buf_list);
+ req->flags &= ~REQ_F_BUFFER_SELECTED;
+ req->buf_index = buf->bgid;
+ }
io_ring_submit_unlock(ctx, issue_flags);
return;
--
2.17.1
Powered by blists - more mailing lists