| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210810091800.291272-1-islituo@gmail.com>
Date: Tue, 10 Aug 2021 02:18:00 -0700
From: Tuo Li <islituo@...il.com>
To: sridhar.samudrala@...el.com, davem@...emloft.net, kuba@...nel.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
baijiaju1990@...il.com, Tuo Li <islituo@...il.com>,
TOTE Robot <oslab@...nghua.edu.cn>
Subject: [PATCH] net: core: Fix possible null-pointer dereference in failover_slave_register()
The variable fops is checked in:
if (fops && fops->slave_pre_register &&
fops->slave_pre_register(slave_dev, failover_dev))
This indicates that it can be NULL.
However, it is dereferenced when calling netdev_rx_handler_register():
err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
failover_dev);
To fix this possible null-pointer dereference, check fops first, and if
it is NULL, assign -EINVAL to err.
Reported-by: TOTE Robot <oslab@...nghua.edu.cn>
Signed-off-by: Tuo Li <islituo@...il.com>
---
net/core/failover.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/core/failover.c b/net/core/failover.c
index b5cd3c727285..113a4dacdf48 100644
--- a/net/core/failover.c
+++ b/net/core/failover.c
@@ -63,8 +63,11 @@ static int failover_slave_register(struct net_device *slave_dev)
fops->slave_pre_register(slave_dev, failover_dev))
goto done;
- err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
+ if (fops)
+ err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
failover_dev);
+ else
+ err = -EINVAL;
if (err) {
netdev_err(slave_dev, "can not register failover rx handler (err = %d)\n",
err);
--
2.25.1
Powered by blists - more mailing lists