lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAMZ6RqK3MWEmEO8Yt3KjCYakya5cG0ccxGPcqbHpM2imKuzpVg@mail.gmail.com>
Date:   Fri, 1 Sep 2023 19:53:21 +0900
From:   Vincent MAILHOL <mailhol.vincent@...adoo.fr>
To:     Jiasheng Jiang <jiasheng@...as.ac.cn>
Cc:     wg@...ndegger.com, mkl@...gutronix.de, davem@...emloft.net,
        edumazet@...gle.com, kuba@...nel.org, pabeni@...hat.com,
        arunachalam.santhanam@...bosch.com, linux-can@...r.kernel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] can: etas_es58x: Add check for alloc_can_err_skb

On Fri. 1 Sept 2023 at 19:22, Jiasheng Jiang <jiasheng@...as.ac.cn> wrote:
> Add check for the return value of alloc_can_err_skb in order to
> avoid NULL pointer dereference.
>
> Fixes: 8537257874e9 ("can: etas_es58x: add core support for ETAS ES58X CAN USB interfaces")
> Signed-off-by: Jiasheng Jiang <jiasheng@...as.ac.cn>
> ---
>  drivers/net/can/usb/etas_es58x/es58x_core.c | 2 ++
>  1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
> index 0c7f7505632c..d694cb22d9f4 100644
> --- a/drivers/net/can/usb/etas_es58x/es58x_core.c
> +++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
> @@ -680,6 +680,8 @@ int es58x_rx_err_msg(struct net_device *netdev, enum es58x_err error,
>         }
>
>         skb = alloc_can_err_skb(netdev, &cf);
> +       if (!skb)
> +               return -ENOMEM;

NAK.

The checks on skb or cf are skipped intentionally here in order to
continue the error handling.

Later in this function, all the access to skb or cf and guarded by an:

        if (cf)

And if cf is not NULL, skb is also guaranteed not to be NULL. For
further details, please refer to this commit:

  https://git.kernel.org/torvalds/c/c8129487441e


Yours sincerely,
Vincent Mailhol

>         switch (error) {
>         case ES58X_ERR_OK:      /* 0: No error */
> --
> 2.25.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ