lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <20200927135950.cy536vnvrae6h2ne@skbuf>
Date:   Sun, 27 Sep 2020 13:59:52 +0000
From:   Ioana Ciornei <ioana.ciornei@....com>
To:     Alex Dewar <alex.dewar90@...il.com>
CC:     Ioana Ciocoi Radulescu <ruxandra.radulescu@....com>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH] dpaa2-mac: Fix potential null pointer dereference

On Sun, Sep 27, 2020 at 02:31:20PM +0100, Alex Dewar wrote:
> In dpaa2_pcs_destroy, variable pcs is dereference before it is
> null-checked. Fix this.
> 
> Addresses-Coverity: CID 1497159: Null pointer dereferences (REVERSE_INULL)
> Signed-off-by: Alex Dewar <alex.dewar90@...il.com>
> ---
>  drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
> index 6ff64dd1cf27..09bf4fec1172 100644
> --- a/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
> +++ b/drivers/net/ethernet/freescale/dpaa2/dpaa2-mac.c
> @@ -291,11 +291,10 @@ static int dpaa2_pcs_create(struct dpaa2_mac *mac,
>  static void dpaa2_pcs_destroy(struct dpaa2_mac *mac)
>  {
>  	struct lynx_pcs *pcs = mac->pcs;
> -	struct device *dev = &pcs->mdio->dev;
>  
>  	if (pcs) {
>  		lynx_pcs_destroy(pcs);
> -		put_device(dev);
> +		put_device(&pcs->mdio->dev);
>  		mac->pcs = NULL;
>  	}
>  }

This would introduce another problem because you would access an already
freed pcs. Maybe just move the declaration and initialization of dev
inside the if statement.

Thanks, Ioana

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ