| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20240524122350.a22ca8dfe07a21f3eb862159@linux-foundation.org>
Date: Fri, 24 May 2024 12:23:50 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Kuan-Wei Chiu <visitorckw@...il.com>
Cc: jserv@...s.ncku.edu.tw, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tools/lib/slab: Fix potential NULL pointer dereference
in kmalloc()
On Sat, 25 May 2024 03:14:59 +0800 Kuan-Wei Chiu <visitorckw@...il.com> wrote:
> In kmalloc(), add a check to ensure that the pointer 'ret' is not NULL
> before attempting to memset it when the __GFP_ZERO flag is set. This
> prevents a potential NULL pointer dereference.
>
> ...
>
> --- a/tools/lib/slab.c
> +++ b/tools/lib/slab.c
> @@ -22,7 +22,7 @@ void *kmalloc(size_t size, gfp_t gfp)
> uatomic_inc(&kmalloc_nr_allocated);
> if (kmalloc_verbose)
> printf("Allocating %p from malloc\n", ret);
> - if (gfp & __GFP_ZERO)
> + if (gfp & __GFP_ZERO && ret)
> memset(ret, 0, size);
> return ret;
> }
I suspect we have a lot of unchecked mallocs in our userspace code. If
there's an argument for fixing them all(?) then it would be best to do
this in a wholesale fashion rather than patch-at-a-time piecemeal.
Powered by blists - more mailing lists