[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Jun 2019 09:55:07 +0200
From: Marcus Meissner <meissner@...e.de>
To: wmealing@...hat.com, blackgod016574@...il.com,
netdev@...r.kernel.org
Subject: Re: likely invalid CVE assignment for commit
95baa60a0da80a0143e3ddd4d3725758b4513825
Hi,
Dave does not like private-only emails, so again for netdev list:
On Wed, Jun 05, 2019 at 11:20:29AM +0200, Marcus Meissner wrote:
> Hi Gen Zhang,
>
> looking at https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825
>
> ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
> In function ip6_ra_control(), the pointer new_ra is allocated a memory
> space via kmalloc(). And it is used in the following codes. However,
> when there is a memory allocation error, kmalloc() fails. Thus null
> pointer dereference may happen. And it will cause the kernel to crash.
> Therefore, we should check the return value and handle the error.
>
> There seems to be no case in current GIT where new_ra is being dereferenced even if it
> is NULL (kfree(NULL) will work fine).
>
> Was this just an assumption based on insufficient code review, or was there a real
> crash observed and how?
The reporter had replied privately that he was only doing a code audit.
We (Redhat and SUSE) wonder if this fix is needed at all.
Ciao, Marcus
Powered by blists - more mailing lists