lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20250513200128.522-1-ant.v.moryakov@gmail.com>
Date: Tue, 13 May 2025 23:01:28 +0300
From: Anton Moryakov <ant.v.moryakov@...il.com>
To: netdev@...r.kernel.org
Cc: Anton Moryakov <ant.v.moryakov@...il.com>
Subject: [PATCH] netlink: add NULL check for get_string() in features.c

Report of the static analyzer:
Return value of a function 'get_string' is dereferenced at features.c:279
without checking for NULL, but it is usually checked for this function (6/7).

Correct explained:
Added NULL check for get_string() return value before passing to strcmp()
to prevent potential NULL pointer dereference. This matches the behavior
in other similar code paths where get_string() is used.

Triggers found by static analyzer Svace.

Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com>

---
 netlink/features.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/netlink/features.c b/netlink/features.c
index 5711ff4..1a8c2f5 100644
--- a/netlink/features.c
+++ b/netlink/features.c
@@ -275,9 +275,11 @@ static int find_feature(const char *name,
 	const unsigned int count = get_count(feature_names);
 	unsigned int i;
 
-	for (i = 0; i < count; i++)
-		if (!strcmp(name, get_string(feature_names, i)))
+	for (i = 0; i < count; i++) {
+		const char *str = get_string(feature_names, i);
+		if (str && !strcmp(name, str))
 			return i;
+	}
 
 	return -1;
 }
-- 
2.30.2


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ