lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 17 Jun 2020 20:43:59 -0700
From:   Eric Dumazet <eric.dumazet@...il.com>
To:     Gaurav Singh <gaurav1086@...il.com>,
        Jamal Hadi Salim <jhs@...atatu.com>,
        Cong Wang <xiyou.wangcong@...il.com>,
        Jiri Pirko <jiri@...nulli.us>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "open list:TC subsystem" <netdev@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] [net/sched] Fix null pointer deref skb in tc_ctl_action



On 6/17/20 6:43 PM, Gaurav Singh wrote:
> Add null check for skb
> 

Bad choice really.

You have to really understand code intent before trying to fix it.

> Signed-off-by: Gaurav Singh <gaurav1086@...il.com>
> ---
>  net/sched/act_api.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/net/sched/act_api.c b/net/sched/act_api.c
> index 8ac7eb0a8309..fd584821d75a 100644
> --- a/net/sched/act_api.c
> +++ b/net/sched/act_api.c
> @@ -1473,9 +1473,12 @@ static const struct nla_policy tcaa_policy[TCA_ROOT_MAX + 1] = {
>  static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n,
>  			 struct netlink_ext_ack *extack)
>  {
> +	if (!skb)
> +		return 0;


We do not allow this

warning: ISO C90 forbids mixed declarations and code [-Wdeclaration-after-statement]

> +
>  	struct net *net = sock_net(skb->sk);
>  	struct nlattr *tca[TCA_ROOT_MAX + 1];
> -	u32 portid = skb ? NETLINK_CB(skb).portid : 0;
> +	u32 portid = NETLINK_CB(skb).portid;
>  	int ret = 0, ovr = 0;
>  
>  	if ((n->nlmsg_type != RTM_GETACTION) &&
> 

Please compile your patches, do not expect us from doing this.

Powered by blists - more mailing lists