| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 May 2011 15:55:12 +0200 From: Johannes Berg <johannes@...solutions.net> To: Julia Lawall <julia@...u.dk> Cc: kernel-janitors@...r.kernel.org, "John W. Linville" <linville@...driver.com>, "David S. Miller" <davem@...emloft.net>, linux-wireless@...r.kernel.org, netdev@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/3] net/rfkill/core.c: Avoid leaving freed data in a list On Fri, 2011-05-13 at 15:52 +0200, Julia Lawall wrote: > The list_for_each_entry loop can fail, in which case the list element is > not removed from the list rfkill_fds. Since this list is not accessed by > the loop, the addition of &data->list into the list is just moved after the > loop. > > The sematic match that finds this problem is as follows: > (http://coccinelle.lip6.fr/) > > // <smpl> > @@ > expression E,E1,E2; > identifier l; > @@ > > *list_add(&E->l,E1); > ... when != E1 > when != list_del(&E->l) > when != list_del_init(&E->l) > when != E = E2 > *kfree(E);// </smpl> > > Signed-off-by: Julia Lawall <julia@...u.dk> > > --- > I have only verified that rfkill_fds is not accessed by the loop by > inspecting the code. If this analysis is not correct, the other solution > would be to leave the list_add where it is and delete the element from the > list explicitly. Looks right to me, thanks! johannes -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists