| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0ed0f964-f8c8-4776-a2ae-ca25071bd0cd@suse.com> Date: Mon, 6 Nov 2023 13:53:12 +0100 From: Oliver Neukum <oneukum@...e.com> To: Bjørn Mork <bjorn@...k.no>, Oliver Neukum <oneukum@...e.com> Cc: Ren Mingshuai <renmingshuai@...wei.com>, kuba@...nel.org, caowangbao@...wei.com, davem@...emloft.net, khlebnikov@...nvz.org, liaichun@...wei.com, linux-kernel@...r.kernel.org, netdev@...r.kernel.org, yanan@...wei.com Subject: Re: [PATCH] net: usbnet: Fix potential NULL pointer dereference On 06.11.23 11:55, Bjørn Mork wrote: > I believe that code is based on the (safe?) assumption that the struct > usbnet driver_info->tx_fixup points to cdc_ncm_tx_fixup(). And That seems to be a correct assumption, but one that is far from obvious. Could you add a big, fat comment? > cdc_ncm_tx_fixup does lots of weird stuff, including special handling of > NULL skb. It might return a valid skb for further processing by > usbnet_start_xmit(). If it doesn't, then we jump straight to > "not_drop", like we do when cdc_ncm_tx_fixup decides to eat the passed > skb. > > But "funky" is i precise description of all this... If someone feels > like it, then all that open coded skb queing inside cdc_ncm should be > completely rewritten. I understand what you mean, but I need a generic answer. Can you call ndo_start_xmit() with skb == NULL? Regards Oliver
Powered by blists - more mailing lists