Date:	Wed, 19 Jun 2013 00:47:11 -0700 (PDT)
From:	David Miller <davem@...emloft.net>
To:	torvalds@...ux-foundation.org
Cc:	johannes@...solutions.net, linville@...driver.com,
	linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Subject: Re: nl80211 NULL pointer dereference

From: Linus Torvalds <torvalds@...ux-foundation.org>
Date: Tue, 18 Jun 2013 16:24:57 -1000

> And yes, the code checks that for being non-NULL at the top of the
> function, but maybe there is a race with something else setting it to
> NULL? There is a kzalloc(GFP_KERNEL) in between, so it doesn't even
> have to be a very small race...

The nl80211 code uses a flag for each netlink command to determine
whether the RTNL mutex should be held across the operation.

This is handled in the pre_doit and post_doit methods implemented
in nl80211.c.

And this operation, in fact, just so happens to be one that doesn't
have the "take the RTNL mutex" flag set.

But for internal consistency of the netlink message itself, the RTNL
mutex should not matter.  It's in a private SKB buffer which is in use
only by the ->doit() method.
