lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 10 Jan 2024 10:43:38 +0200
From: Tali Perry <tali.perry1@...il.com>
To: Rand Deeb <rand.sec96@...il.com>
Cc: Avi Fishman <avifishman70@...il.com>, Tomer Maimon <tmaimon77@...il.com>, 
	Patrick Venture <venture@...gle.com>, Nancy Yuen <yuenn@...gle.com>, 
	Benjamin Fair <benjaminfair@...gle.com>, openbmc@...ts.ozlabs.org, 
	linux-i2c@...r.kernel.org, linux-kernel@...r.kernel.org, 
	deeb.rand@...fident.ru, lvc-project@...uxtesting.org, 
	voskresenski.stanislav@...fident.ru
Subject: Re: [PATCH] i2c: Fix NULL pointer dereference in npcm_i2c_reg_slave

On Tue, Jan 9, 2024 at 4:52 PM Rand Deeb <rand.sec96@...il.com> wrote:
>
> In the npcm_i2c_reg_slave function, a potential NULL pointer dereference
> issue occurs when 'client' is NULL. This patch adds a proper NULL check for
> 'client' at the beginning of the function to prevent undefined behavior.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Signed-off-by: Rand Deeb <rand.sec96@...il.com>
> ---
>  drivers/i2c/busses/i2c-npcm7xx.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/i2c/busses/i2c-npcm7xx.c b/drivers/i2c/busses/i2c-npcm7xx.c
> index c1b679737240..cfabfb50211d 100644
> --- a/drivers/i2c/busses/i2c-npcm7xx.c
> +++ b/drivers/i2c/busses/i2c-npcm7xx.c
> @@ -1243,13 +1243,14 @@ static irqreturn_t npcm_i2c_int_slave_handler(struct npcm_i2c *bus)
>  static int npcm_i2c_reg_slave(struct i2c_client *client)
>  {
>         unsigned long lock_flags;
> -       struct npcm_i2c *bus = i2c_get_adapdata(client->adapter);
> -
> -       bus->slave = client;
> +       struct npcm_i2c *bus;
>
> -       if (!bus->slave)
> +       if (!client)
>                 return -EINVAL;
>
> +       bus = i2c_get_adapdata(client->adapter);
> +       bus->slave = client;
> +
>         if (client->flags & I2C_CLIENT_TEN)
>                 return -EAFNOSUPPORT;
>
> --
> 2.34.1
>


Thanks for the patch!

Reviewed-by:tali.perry1@...il.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ