| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <31823d969f554ffd04e5f9b3b459ecf4@linux.dev>
Date: Fri, 27 Aug 2021 09:23:22 +0000
From: yajun.deng@...ux.dev
To: "Dan Carpenter" <dan.carpenter@...cle.com>
Cc: netdev@...r.kernel.org
Subject: Re: [bug report] net: ipv4: Move ip_options_fragment() out of
loop
August 27, 2021 4:49 PM, "Dan Carpenter" <dan.carpenter@...cle.com> wrote:
> Hello Yajun Deng,
>
> This is a semi-automatic email about new static checker warnings.
Can you test the attached?
Thanks.
>
> The patch faf482ca196a: "net: ipv4: Move ip_options_fragment() out of
> loop" from Aug 23, 2021, leads to the following Smatch complaint:
>
> net/ipv4/ip_output.c:833 ip_do_fragment()
> warn: variable dereferenced before check 'iter.frag' (see line 828)
>
> net/ipv4/ip_output.c
> 827 ip_fraglist_init(skb, iph, hlen, &iter);
> ^^^^^
> iter.frag is set here.
>
> 828 ip_options_fragment(iter.frag);
> ^^^^^^^^^
> The patch introduces a new dereference here
>
> 829
> 830 for (;;) {
> 831 /* Prepare header of the next frame,
> 832 * before previous one went down. */
> 833 if (iter.frag) {
> ^^^^^^^^^
> But the old code assumed that "iter.frag" could be NULL.
>
> 834 IPCB(iter.frag)->flags = IPCB(skb)->flags;
> 835 ip_fraglist_prepare(skb, &iter);
>
> regards,
> dan carpenter
Download attachment "0001-net-ipv4-Fix-the-warning-for-dereference.patch" of type "application/octet-stream" (1235 bytes)
Powered by blists - more mailing lists