| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAHA+R7NY2g+tEeBXYPWaDRgrqq23Zo7uwV8PVFHAu0frprYYZw@mail.gmail.com>
Date: Tue, 17 Jun 2014 14:31:36 -0700
From: Cong Wang <cwang@...pensource.com>
To: Stephen Hemminger <stephen@...workplumber.org>
Cc: netdev <netdev@...r.kernel.org>
Subject: Re: Fw: [Bug 78161] New: Missing NULL check of the return value of
nla_nest_start() in function sfb_dump()
On Tue, Jun 17, 2014 at 1:52 PM, Stephen Hemminger
<stephen@...workplumber.org> wrote:
> Function nla_nest_start() may return a NULL pointer, and its return value shall
> be checked before used. But in function sfb_dump() after nla_nest_start() is
> called(at net/sched/sch_sfb.c:559), the return value is immediately used as a
> parameter of nla_nest_end() without NULL check. Besides, there is no check
> before the parameter is dereferenced in the callee function nla_nest_end(). So
> an invalid memory access may be triggered.
> The related code snippets in sfb_dump() are as following.
> sfb_dump() @@net/sched/sch_sfb.c:559
> 559 opts = nla_nest_start(skb, TCA_OPTIONS);
> 560 NLA_PUT(skb, TCA_SFB_PARMS, sizeof(opt), &opt);
> 561 return nla_nest_end(skb, opts);
This was fixed by:
commit 7ac2908e4b2edaec60e9090ddb4d9ceb76c05e7d
Author: Alan Cox <alan@...ux.intel.com>
Date: Thu Jul 12 03:39:11 2012 +0000
sch_sfb: Fix missing NULL check
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists