lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 12 Jan 2016 20:00:19 +0800
From:	Herbert Xu <herbert@...dor.apana.org.au>
To:	Denis Kirjanov <kda@...ux-powerpc.org>
Cc:	sploving1@...il.com, davem@...emloft.net, netdev@...r.kernel.org
Subject: Re: [PATCH v3] netlink: fix null pointer dereference on nlk->groups

Denis Kirjanov <kda@...ux-powerpc.org> wrote:
> On 1/12/16, Baozeng Ding <sploving1@...il.com> wrote:
>> If groups is not 0 and nlk->groups is NULL, it will not return
>> immediately and cause a null pointer dereference later.
>>
>> Signed-off-by: Baozeng Ding <sploving1@...il.com>
>> ---
>> The v3 version adds WARN_ON, suggested by David Miller. Thanks for
>> David's feedback.
> 
> But can you explain how can we get to this situation?

Indeed, this patch makes no sense as it stands.  If groups is
not NULL, then we should have allocated nlk->groups prior to
reaching this point.  If that allocation failed, then we should
have already bailed out long ago.  Perhaps we have a race condition
that needs to be closed with a lock?

Cheers,
-- 
Email: Herbert Xu <herbert@...dor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ