lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250515120154.1658556-1-caius.zone@icloud.com>
Date: Thu, 15 May 2025 20:01:54 +0800
From: caius.zone@...oud.com
To: phillip@...ashfs.org.uk
Cc: linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Caius Zone <zone@...sast.com>
Subject: [PATCH] squashfs: fix NULL pointer dereference in bio_alloc_clone failure path

From: Caius Zone <zone@...sast.com>

bio_alloc_clone() may return NULL under memory pressure. The current code
does not check its return value, which may lead to a NULL pointer dereference
in bio_chain() or other bio operations.

Add a NULL check and return -ENOMEM if allocation fails.

Signed-off-by: Caius Zone <zone@...sast.com>
---
 fs/squashfs/block.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/squashfs/block.c b/fs/squashfs/block.c
index 2dc730800f44..b00a71f8933c 100644
--- a/fs/squashfs/block.c
+++ b/fs/squashfs/block.c
@@ -115,6 +115,9 @@ static int squashfs_bio_read_cached(struct bio *fullbio,
 			struct bio *new = bio_alloc_clone(bdev, fullbio,
 							  GFP_NOIO, &fs_bio_set);
 
+			if (!new)
+				return -ENOMEM;
+
 			if (bio) {
 				bio_trim(bio, start_idx * PAGE_SECTORS,
 					 (end_idx - start_idx) * PAGE_SECTORS);
-- 
2.25.1


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ