lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-Id: <20161127.152503.1338198255637289162.davem@davemloft.net>
Date:   Sun, 27 Nov 2016 15:25:03 -0500 (EST)
From:   David Miller <davem@...emloft.net>
To:     manjeet.p@...sung.com
Cc:     kuznet@....inr.ac.ru, jmorris@...ei.org, yoshfuji@...ux-ipv6.org,
        kaber@...sh.net, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, pankaj.m@...sung.com,
        ajeet.y@...sung.com, r.thapliyal@...sung.com,
        hannes@...essinduktion.org
Subject: Re: [PATCH v2] ipv6:ipv6_pinfo dereferenced after NULL check

From: Manjeet Pawar <manjeet.p@...sung.com>
Date: Thu, 24 Nov 2016 16:11:57 +0530

> From: Rohit Thapliyal <r.thapliyal@...sung.com>
> 
> np checked for NULL and then dereferenced. It should be modified
> for NULL case.
> 
> Signed-off-by: Rohit Thapliyal <r.thapliyal@...sung.com>
> Signed-off-by: Manjeet Pawar <manjeet.p@...sung.com>
> Signed-off-by: Hannes Frederic Sowa <hannes@...essinduktion.org>
> Reviewed-by: Akhilesh Kumar <akhilesh.k@...sung.com>

I do not think inet6_sk(sk) can ever be NULL in this function.

All callers fall into two categories:

1) Calls where arguments already dereference np in some way to
   pass arguments to ip6_xmit():

net/dccp/ipv6.c:		err = ip6_xmit(sk, skb, &fl6, opt, np->tclass);
net/ipv6/inet6_connection_sock.c:	res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt),
net/ipv6/tcp_ipv6.c:		err = ip6_xmit(sk, skb, fl6, opt, np->tclass);
net/sctp/ipv6.c:	res = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt), np->tclass);

2) Calls where the socket is a "control" socket which is initialized
   at procotol registration time and therefore definitely has
   a proper inet6_sk() pointer set up.

net/dccp/ipv6.c:		ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);
net/ipv6/tcp_ipv6.c:		ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);

Therefore, I think we should simply remove the NULL test entirely.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ