| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <202501141706.38210.pisa@fel.cvut.cz>
Date: Tue, 14 Jan 2025 17:06:38 +0100
From: Pavel Pisa <pisa@....cvut.cz>
To: Fedor Pchelkin <pchelkin@...ras.ru>,
"Marc Kleine-Budde" <mkl@...gutronix.de>
Cc: Ondrej Ille <ondrej.ille@...il.com>,
Vincent Mailhol <mailhol.vincent@...adoo.fr>,
Martin Jerabek <martin.jerabek01@...il.com>,
linux-can@...r.kernel.org,
linux-kernel@...r.kernel.org,
lvc-project@...uxtesting.org,
stable@...r.kernel.org
Subject: Re: [PATCH] can: ctucanfd: handle skb allocation failure
Hello Fedor,
thanks for spotting the problem.
On Tuesday 14 of January 2025 16:21:38 Fedor Pchelkin wrote:
> If skb allocation fails, the pointer to struct can_frame is NULL. This
> is actually handled everywhere inside ctucan_err_interrupt() except for
> the only place.
>
> Add the missed NULL check.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE static
> analysis tool.
>
> Fixes: 2dcb8e8782d8 ("can: ctucanfd: add support for CTU CAN FD open-source
> IP core - bus independent part.") Cc: stable@...r.kernel.org
> Signed-off-by: Fedor Pchelkin <pchelkin@...ras.ru>
Acked-by: Pavel Pisa <pisa@....felk.cvut.cz>
> ---
> drivers/net/can/ctucanfd/ctucanfd_base.c | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/net/can/ctucanfd/ctucanfd_base.c
> b/drivers/net/can/ctucanfd/ctucanfd_base.c index 64c349fd4600..f65c1a1e05cc
> 100644
> --- a/drivers/net/can/ctucanfd/ctucanfd_base.c
> +++ b/drivers/net/can/ctucanfd/ctucanfd_base.c
> @@ -867,10 +867,12 @@ static void ctucan_err_interrupt(struct net_device
> *ndev, u32 isr) }
> break;
> case CAN_STATE_ERROR_ACTIVE:
> - cf->can_id |= CAN_ERR_CNT;
> - cf->data[1] = CAN_ERR_CRTL_ACTIVE;
> - cf->data[6] = bec.txerr;
> - cf->data[7] = bec.rxerr;
> + if (skb) {
> + cf->can_id |= CAN_ERR_CNT;
> + cf->data[1] = CAN_ERR_CRTL_ACTIVE;
> + cf->data[6] = bec.txerr;
> + cf->data[7] = bec.rxerr;
> + }
> break;
> default:
> netdev_warn(ndev, "unhandled error state (%d:%s)!\n",
--
Pavel Pisa
phone: +420 603531357
e-mail: pisa@....felk.cvut.cz
Department of Control Engineering FEE CVUT
Karlovo namesti 13, 121 35, Prague 2
university: http://control.fel.cvut.cz/
personal: http://cmp.felk.cvut.cz/~pisa
social: https://social.kernel.org/ppisa
projects: https://www.openhub.net/accounts/ppisa
CAN related:http://canbus.pages.fel.cvut.cz/
RISC-V education: https://comparch.edu.cvut.cz/
Open Technologies Research Education and Exchange Services
https://gitlab.fel.cvut.cz/otrees/org/-/wikis/home
Powered by blists - more mailing lists