lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAEf4Bza3inoAHsS0w=nKXNgxyFqzPXJVyDHq03Foody6Vgp7=Q@mail.gmail.com>
Date:   Thu, 21 Apr 2022 09:55:08 -0700
From:   Andrii Nakryiko <andrii.nakryiko@...il.com>
To:     Gaosheng Cui <cuigaosheng1@...wei.com>
Cc:     Alexei Starovoitov <ast@...nel.org>,
        Daniel Borkmann <daniel@...earbox.net>,
        Andrii Nakryiko <andrii@...nel.org>, Martin Lau <kafai@...com>,
        Song Liu <songliubraving@...com>, Yonghong Song <yhs@...com>,
        john fastabend <john.fastabend@...il.com>,
        KP Singh <kpsingh@...nel.org>,
        Networking <netdev@...r.kernel.org>, bpf <bpf@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        gongruiqi1@...wei.com, wangweiyang2@...wei.com
Subject: Re: [PATCH -next] libbpf: Add additional null-pointer checking in make_parent_dir

On Thu, Apr 21, 2022 at 6:01 AM Gaosheng Cui <cuigaosheng1@...wei.com> wrote:
>
> The make_parent_dir is called without null-pointer checking for path,
> such as bpf_link__pin. To ensure there is no null-pointer dereference
> in make_parent_dir, so make_parent_dir requires additional null-pointer
> checking for path.
>
> Signed-off-by: Gaosheng Cui <cuigaosheng1@...wei.com>
> ---
>  tools/lib/bpf/libbpf.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index b53e51884f9e..5786e6184bf5 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -7634,6 +7634,9 @@ static int make_parent_dir(const char *path)
>         char *dname, *dir;
>         int err = 0;
>
> +       if (path == NULL)
> +               return -EINVAL;
> +

API contract is that path shouldn't be NULL. Just like we don't check
link, obj, prog for NULL in every single API, I don't think we need to
do it here, unless I'm missing something?

>         dname = strdup(path);
>         if (dname == NULL)
>                 return -ENOMEM;
> --
> 2.25.1
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ