| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <195f2498f70.279b.9b12b7fc0a3841636cfb5e919b41b954@broadcom.com>
Date: Tue, 01 Apr 2025 18:57:42 +0200
From: Arend Van Spriel <arend.vanspriel@...adcom.com>
To: Henry Martin <bsdhenrymartin@...il.com>
CC: <linux-wireless@...r.kernel.org>, <brcm80211@...ts.linux.dev>, <brcm80211-dev-list.pdl@...adcom.com>, <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v1] wifi: brcmfmac: acpi: Add NULL check in brcmf_acpi_probe()
On April 1, 2025 4:09:36 PM Henry Martin <bsdhenrymartin@...il.com> wrote:
> devm_kasprintf() returns NULL when memory allocation fails. Currently,
> brcmf_acpi_probe() does not check for this case, which results in a NULL
> pointer dereference.
>
> Add NULL check after devm_kasprintf() to prevent this issue.
>
> Fixes: 0f485805d008 ("wifi: brcmfmac: acpi: Add support for fetching Apple
> ACPI properties")
> Signed-off-by: Henry Martin <bsdhenrymartin@...il.com>
> ---
> drivers/net/wireless/broadcom/brcm80211/brcmfmac/acpi.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/acpi.c
> b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/acpi.c
> index c4a54861bfb4..4885d5d0a0af 100644
> --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/acpi.c
> +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/acpi.c
> @@ -25,6 +25,8 @@ void brcmf_acpi_probe(struct device *dev, enum
> brcmf_bus_type bus_type,
> settings->board_type = devm_kasprintf(dev, GFP_KERNEL,
> "apple,%s",
> o->string.pointer);
> + if (!settings->board_type)
> + return -ENOMEM;
brcmf_acpi_probe() has void return type so this would give a compiler
warning. I expect submitted patches at least do pass compilation.
After digging through the driver code I see a null check everywhere it is
used. Can you please provide a kernel log with a null deref so I may have a
clue where it goes wrong? If any.
Regards,
Arend
>
Powered by blists - more mailing lists