| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 May 2014 23:56:03 +0200
From: Rickard Strandqvist <rickard_strandqvist@...ctrumdigital.se>
To: Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
Cc: Karsten Keil <isdn@...ux-pingi.de>, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] isdn: hisax: l3dss1.c: Fix for possible null pointer dereference
Hi Sergei
I did not put the assignment in the if statement. Is it meant for me
to change all the code around the parts I fix?
There are many assignments in if in the l3dss1_cmd_global() funktion.
It's late and I'm tired, but I still can not see which of these pairs
of features that I can remove ...?
if (ic->parm.dss1_io.timeout > 0) {
if (!(pc = dss1_new_l3_process(st, -1))) {
free_invoke_id(st, id);
return (-2);
}
pc->prot.dss1.ll_id = ic->parm.dss1_io.ll_id; /* remember id */
pc->prot.dss1.proc = ic->parm.dss1_io.proc; /* and procedure */
}
Best regards
Rickard Strandqvist
2014-05-19 23:26 GMT+02:00 Sergei Shtylyov <sergei.shtylyov@...entembedded.com>:
> On 05/20/2014 01:24 AM, Rickard Strandqvist wrote:
>
>> There is otherwise a risk of a possible null pointer dereference.
>
>
>> Was largely found by using a static code analysis program called cppcheck.
>
>
>> Signed-off-by: Rickard Strandqvist
>> <rickard_strandqvist@...ctrumdigital.se>
>> ---
>> drivers/isdn/hisax/l3dss1.c | 11 ++++++-----
>> 1 file changed, 6 insertions(+), 5 deletions(-)
>
>
>> diff --git a/drivers/isdn/hisax/l3dss1.c b/drivers/isdn/hisax/l3dss1.c
>> index cda7006..9ea7377 100644
>> --- a/drivers/isdn/hisax/l3dss1.c
>> +++ b/drivers/isdn/hisax/l3dss1.c
>> @@ -2203,13 +2203,14 @@ static int l3dss1_cmd_global(struct PStack *st,
>> isdn_ctrl *ic)
>> memcpy(p, ic->parm.dss1_io.data,
>> ic->parm.dss1_io.datalen); /* copy data */
>> l = (p - temp) + ic->parm.dss1_io.datalen; /*
>> total length */
>>
>> - if (ic->parm.dss1_io.timeout > 0)
>> - if (!(pc = dss1_new_l3_process(st, -1)))
>> - { free_invoke_id(st, id);
>> + if (ic->parm.dss1_io.timeout > 0) {
>> + if (!(pc = dss1_new_l3_process(st, -1))) {
>
>
> Assignments shouldn't be put into *if* statement. If you did run the
> patch thru scripts/checkpatch.pl, it would have told you.
>
>
>> + free_invoke_id(st, id);
>> return (-2);
>
>
> Parens not needed. Could as well fix it here...
>
>
>> }
>> - pc->prot.dss1.ll_id = ic->parm.dss1_io.ll_id; /*
>> remember id */
>> - pc->prot.dss1.proc = ic->parm.dss1_io.proc; /* and
>> procedure */
>> + pc->prot.dss1.ll_id =
>> ic->parm.dss1_io.ll_id; /* remember id */
>> + pc->prot.dss1.proc =
>> ic->parm.dss1_io.proc; /* and procedure */
>> + }
>
>
> WBR, Sergei
>
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists