| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230509212125.15880-7-stephen@networkplumber.org>
Date: Tue, 9 May 2023 14:21:20 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: netdev@...r.kernel.org
Cc: Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH iproute2 06/11] tc_exec: don't dereference NULL on calloc failure
Reported as:
tc_exec.c: In function ‘do_exec’:
tc_exec.c:103:18: warning: dereference of NULL ‘eu’ [CWE-476] [-Wanalyzer-null-dereference]
103 | return eu->parse_eopt(eu, argc, argv);
| ~~^~~~~~~~~~~~
‘do_exec’: events 1-6
|
| 81 | int do_exec(int argc, char **argv)
| | ^~~~~~~
| | |
| | (1) entry to ‘do_exec’
|......
| 86 | if (argc < 1) {
| | ~
| | |
| | (2) following ‘false’ branch (when ‘argc > 0’)...
|......
| 91 | if (matches(*argv, "help") == 0) {
| | ~~~~~~~~~~~~~~~~~~~~~~~
| | ||
| | |(3) ...to here
| | (4) following ‘true’ branch...
|......
| 96 | strncpy(kind, *argv, sizeof(kind) - 1);
| | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| | |
| | (5) ...to here
| 97 |
| 98 | eu = get_exec_kind(kind);
| | ~~~~~~~~~~~~~~~~~~~
| | |
| | (6) calling ‘get_exec_kind’ from ‘do_exec’
|
+--> ‘get_exec_kind’: events 7-10
|
| 40 | static struct exec_util *get_exec_kind(const char *name)
| | ^~~~~~~~~~~~~
| | |
| | (7) entry to ‘get_exec_kind’
|......
| 63 | if (eu == NULL)
| | ~
| | |
| | (8) following ‘true’ branch (when ‘eu’ is NULL)...
| 64 | goto noexist;
| | ~~~~
| | |
| | (9) ...to here
|......
| 72 | if (eu) {
| | ~
| | |
| | (10) following ‘false’ branch (when ‘eu’ is NULL)...
|
‘get_exec_kind’: event 11
|
|cc1:
| (11): ...to here
|
<------+
|
‘do_exec’: events 12-13
|
| 98 | eu = get_exec_kind(kind);
| | ^~~~~~~~~~~~~~~~~~~
| | |
| | (12) return of NULL to ‘do_exec’ from ‘get_exec_kind’
|......
| 103 | return eu->parse_eopt(eu, argc, argv);
| | ~~~~~~~~~~~~~~
| | |
| | (13) dereference of NULL ‘eu’
|
Fixes: 4bd624467bc6 ("tc: built-in eBPF exec proxy")
Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
---
tc/tc_exec.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/tc/tc_exec.c b/tc/tc_exec.c
index 5d8834029a0b..182fbb4c35c9 100644
--- a/tc/tc_exec.c
+++ b/tc/tc_exec.c
@@ -96,6 +96,10 @@ int do_exec(int argc, char **argv)
strncpy(kind, *argv, sizeof(kind) - 1);
eu = get_exec_kind(kind);
+ if (eu == NULL) {
+ fprintf(stderr, "Allocation failed finding exec\n");
+ return -1;
+ }
argc--;
argv++;
--
2.39.2
Powered by blists - more mailing lists