| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250321121352.29750-1-qasdev00@gmail.com>
Date: Fri, 21 Mar 2025 12:13:52 +0000
From: Qasim Ijaz <qasdev00@...il.com>
To: andrew+netdev@...n.ch,
davem@...emloft.net,
edumazet@...gle.com,
kuba@...nel.org,
pabeni@...hat.com,
yyyynoom@...il.com,
horms@...nel.org
Cc: netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: [PATCH] net: dl2k: fix potential null deref in receive_packet()
If the pkt_len is less than the copy_thresh the netdev_alloc_skb_ip_align()
is called to allocate an skbuff, on failure it can return NULL. Since
there is no NULL check a NULL deref can occur when setting
skb->protocol.
Fix this by introducing a NULL check to handle allocation failure.
Fixes: 89d71a66c40d ("net: Use netdev_alloc_skb_ip_align()")
Signed-off-by: Qasim Ijaz <qasdev00@...il.com>
---
drivers/net/ethernet/dlink/dl2k.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/drivers/net/ethernet/dlink/dl2k.c b/drivers/net/ethernet/dlink/dl2k.c
index d0ea92607870..22e9432adea0 100644
--- a/drivers/net/ethernet/dlink/dl2k.c
+++ b/drivers/net/ethernet/dlink/dl2k.c
@@ -968,6 +968,11 @@ receive_packet (struct net_device *dev)
np->rx_buf_sz,
DMA_FROM_DEVICE);
}
+
+ if (unlikely(!skb)) {
+ np->rx_ring[entry].fraginfo = 0;
+ break;
+ }
skb->protocol = eth_type_trans (skb, dev);
#if 0
/* Checksum done by hw, but csum value unavailable. */
--
2.39.5
Powered by blists - more mailing lists