| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250513200128.522-1-ant.v.moryakov@gmail.com>
Date: Tue, 13 May 2025 23:01:28 +0300
From: Anton Moryakov <ant.v.moryakov@...il.com>
To: netdev@...r.kernel.org
Cc: Anton Moryakov <ant.v.moryakov@...il.com>
Subject: [PATCH] netlink: add NULL check for get_string() in features.c
Report of the static analyzer:
Return value of a function 'get_string' is dereferenced at features.c:279
without checking for NULL, but it is usually checked for this function (6/7).
Correct explained:
Added NULL check for get_string() return value before passing to strcmp()
to prevent potential NULL pointer dereference. This matches the behavior
in other similar code paths where get_string() is used.
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com>
---
netlink/features.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/netlink/features.c b/netlink/features.c
index 5711ff4..1a8c2f5 100644
--- a/netlink/features.c
+++ b/netlink/features.c
@@ -275,9 +275,11 @@ static int find_feature(const char *name,
const unsigned int count = get_count(feature_names);
unsigned int i;
- for (i = 0; i < count; i++)
- if (!strcmp(name, get_string(feature_names, i)))
+ for (i = 0; i < count; i++) {
+ const char *str = get_string(feature_names, i);
+ if (str && !strcmp(name, str))
return i;
+ }
return -1;
}
--
2.30.2
Powered by blists - more mailing lists