Message-ID: <17db0b5f-a0aa-448a-8fdf-a1264dcf95d0@kernel.org>
Date: Tue, 5 Nov 2024 08:44:10 -0700
From: David Ahern <dsahern@...nel.org>
To: Paolo Abeni <pabeni@...hat.com>, Yi Zou <03zouyi09.25@...il.com>,
davem@...emloft.net
Cc: 21210240012@...udan.edu.cn, 21302010073@...udan.edu.cn,
edumazet@...gle.com, kuba@...nel.org, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] ipv6: ip6_fib: fix possible null-pointer-dereference in
ipv6_route_native_seq_show
On 11/5/24 5:28 AM, Paolo Abeni wrote:
>
>
> On 11/1/24 05:48, Yi Zou wrote:
>> In the ipv6_route_native_seq_show function, the fib6_nh variable
>> is assigned the value from nexthop_fib6_nh(rt->nh), which could
>> return NULL. This creates a risk of a null-pointer-dereference
>> when accessing fib6_nh->fib_nh_gw_family. This can be resolved by
>> checking if fib6_nh is non-NULL before accessing fib6_nh->fib_nh_gw_family
>> and assign dev using dev = fib6_nh ? fib6_nh->fib_nh_dev : NULL;
>> to prevent null-pointer dereference errors.
>>
>> Signed-off-by: Yi Zou <03zouyi09.25@...il.com>
>
> Please send a new revision, including the target tree in the subj
> prefix - in this case 'net' and a suitable Fixes tag.
>
> /P
>
I would also like to understand why you believe NULL can really happen -
excluding memory corruption or custom patches to a kernel. If you look
at the makeup of nexthop_fib6_nh it is defensive around bugs elsewhere
(nhsel > number of nexthops) and future changes (support for IPv6
nexthops that are not IPv6 addresses).
That comment applies to all of these patches around nexthop_fib6_nh
possibly returning NULL.
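The pattern argued over in this thread, as an added toy model that is not kernel code and not the submitter's patch: a selector that returns NULL only for the two defensive cases David names (selector index beyond the number of nexthops, or a nexthop that is not an IPv6 one) and the two caller shapes, the unguarded pre-patch form and the guarded form the commit message proposes. All struct and function names here (model_nexthop, model_nexthop_fib6_nh, show_route_guarded, the sample devices) are hypothetical stand-ins, not the real fib6_nh/nexthop types.

```c
/*
 * Added example, not kernel code. Toy model of a NULL-returning selector
 * (stand-in for nexthop_fib6_nh) and of the caller in a seq_show-style
 * routine that reads the gateway family and the device from the result.
 */
#include <stddef.h>
#include <stdio.h>

#define MODEL_AF_INET  2   /* hypothetical family constants for the model */
#define MODEL_AF_INET6 10

struct model_dev { const char *name; };

struct model_fib6_nh {
	int fib_nh_gw_family;     /* MODEL_AF_INET6 when a gateway is set, else 0 */
	struct model_dev *fib_nh_dev;
};

struct model_nexthop {
	int family;               /* address family of the nexthop entries */
	unsigned int num_nh;      /* number of valid entries in nh[] */
	struct model_fib6_nh nh[4];
};

/* Hypothetical stand-in for nexthop_fib6_nh(): returns NULL only when the
 * selector is out of range or the nexthop is not an IPv6 one, i.e. the
 * defensive cases described in the reply above. */
static struct model_fib6_nh *model_nexthop_fib6_nh(struct model_nexthop *nh,
						   unsigned int nhsel)
{
	if (!nh || nhsel >= nh->num_nh)
		return NULL;
	if (nh->family != MODEL_AF_INET6)
		return NULL;
	return &nh->nh[nhsel];
}

/* Unguarded caller (pre-patch shape): dereferences the selector result
 * directly, so a NULL return would crash here. Only safe for in-range,
 * IPv6 nexthops. */
static int show_route_unguarded(struct model_nexthop *nh, unsigned int nhsel,
				const char **dev_name)
{
	struct model_fib6_nh *fib6_nh = model_nexthop_fib6_nh(nh, nhsel);
	struct model_dev *dev = fib6_nh->fib_nh_dev;

	*dev_name = dev ? dev->name : "none";
	return fib6_nh->fib_nh_gw_family == MODEL_AF_INET6;
}

/* Guarded caller (the shape the commit message proposes): test fib6_nh
 * before reading fib_nh_gw_family and pick dev with a ternary. Returns 1
 * when a gateway would be printed, 0 otherwise. */
static int show_route_guarded(struct model_nexthop *nh, unsigned int nhsel,
			      const char **dev_name)
{
	struct model_fib6_nh *fib6_nh = model_nexthop_fib6_nh(nh, nhsel);
	struct model_dev *dev;
	int has_gw = 0;

	if (fib6_nh && fib6_nh->fib_nh_gw_family == MODEL_AF_INET6)
		has_gw = 1;
	dev = fib6_nh ? fib6_nh->fib_nh_dev : NULL;
	*dev_name = dev ? dev->name : "none";
	return has_gw;
}

/* Constructed sample data: one IPv6 nexthop group with two entries and one
 * IPv4 group, so both defensive NULL paths can be exercised. */
static struct model_dev model_eth0 = { "eth0" };
static struct model_dev model_eth1 = { "eth1" };

struct model_nexthop model_sample_v6 = {
	.family = MODEL_AF_INET6,
	.num_nh = 2,
	.nh = { { MODEL_AF_INET6, &model_eth0 }, { 0, &model_eth1 } },
};

struct model_nexthop model_sample_v4 = {
	.family = MODEL_AF_INET,
	.num_nh = 1,
	.nh = { { MODEL_AF_INET, &model_eth0 } },
};

int main(void)
{
	const char *dev;
	unsigned int i;

	for (i = 0; i < 3; i++) {
		int gw = show_route_guarded(&model_sample_v6, i, &dev);
		printf("v6 nhsel=%u gw=%d dev=%s\n", i, gw, dev);
	}
	printf("v4 nhsel=0 gw=%d dev=%s\n",
	       show_route_guarded(&model_sample_v4, 0, &dev), dev);
	return 0;
}
```

The unguarded form is only ever called on in-range IPv6 entries in the example, which is the situation David describes for the real code: the NULL branch of the selector is reachable in the model only through an out-of-range selector or a non-IPv6 group, and the guarded caller is what turns that path into "no gateway, no device" instead of a crash.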