lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Za_QJZhWKoq5wg52@orbyte.nwl.cc>
Date: Tue, 23 Jan 2024 15:41:41 +0100
From: Phil Sutter <phil@....cc>
To: Markus Elfring <Markus.Elfring@....de>
Cc: netfilter-devel@...r.kernel.org, coreteam@...filter.org,
	netdev@...r.kernel.org, kernel-janitors@...r.kernel.org,
	"David S. Miller" <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>, Florian Westphal <fw@...len.de>,
	Jakub Kicinski <kuba@...nel.org>,
	Jozsef Kadlecsik <kadlec@...filter.org>,
	Pablo Neira Ayuso <pablo@...filter.org>,
	Paolo Abeni <pabeni@...hat.com>,
	LKML <linux-kernel@...r.kernel.org>,
	Kunwu Chan <chentao@...inos.cn>
Subject: Re: [PATCH] netfilter: nf_tables: Add a null pointer check in two
 functions

Hi Markus,

On Tue, Jan 23, 2024 at 02:45:12PM +0100, Markus Elfring wrote:
> From: Markus Elfring <elfring@...rs.sourceforge.net>
> Date: Tue, 23 Jan 2024 14:28:31 +0100
> 
> The result from a call of the function “kasprintf” was passed to
> a subsequent function call without checking for a null pointer before
> (according to a memory allocation failure).
> This issue was detected by using the Coccinelle software.

This is correct and I'm fine with the patch if it avoids ringing alarm
bells somewhere, yet it doesn't fix an actual issue here since the
allocated buffer is merely passed to vsnprintf() which detects and
sanitizes %s args being NULL.

Cheers, Phil

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ