lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20240307134142.169523-1-rand.sec96@gmail.com>
Date: Thu,  7 Mar 2024 16:41:42 +0300
From: Rand Deeb <rand.sec96@...il.com>
To: jonas.gorski@...il.com
Cc: deeb.rand@...fident.ru,
	khoroshilov@...ras.ru,
	kvalo@...nel.org,
	linux-kernel@...r.kernel.org,
	linux-wireless@...r.kernel.org,
	lvc-project@...uxtesting.org,
	m@...s.ch,
	rand.sec96@...il.com,
	voskresenski.stanislav@...fident.ru
Subject: Re: [PATCH v3] ssb: Fix potential NULL pointer dereference in ssb_device_uevent


On Wed, Mar 6, 2024 at 10:51 PM Jonas Gorski <jonas.gorski@...il.com> wrote:
>
> Hi
>
> The NULL check is what needs to be fixed/removed, not the code
> surrounding it. This function will be called from dev_uevent() [1]
> where dev cannot be NULL. So a NULL dereference cannot happen.
>
> Most other implementors of bus_type::uevent have no NULL check. To be
> precise, there is only one other implementor with a NULL check,
> rio_uevent(), and none of the other ones have one. See e.g.
> bcma_device_uevent(), memstick_uevent(), mips_cdmm_uevent(), or
> fsl_mc_bus_uevent().


Hi Jonas,

Thank you for the feedback. To be precise there are actually 8 other 
implementors (and potentially more) with a NULL check not just one 
(parisc_uevent, serio_uevent, ipack_uevent, pci_uevent, pcmcia_bus_uevent, 
rio_uevent, zorro_uevent, and soundbus_ueven).

After a second review, I totally concur with your observations. I quickly 
judged, I believed there might be an alternative way to call the function 
because it's not the only one with a null check, and actually the patch 
version 1 got accknowleded, that's why i'm confused. 

Given that null is improbable in this context due to the calls being made 
through uevent, we should eliminate the redundant condition. In light of 
this, would you recommend sending a new version (v4) of the patch with the 
correct title and info, or do you think it would be more appropriate to 
submit an entirely fresh patch? i'll also send patches to all of the 
implementors.

Best regards.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ