| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20250518131332.970207-1-ant.v.moryakov@gmail.com> Date: Sun, 18 May 2025 16:13:32 +0300 From: ant.v.moryakov@...il.com To: mkubecek@...e.cz Cc: netdev@...r.kernel.org, AntonMoryakov <ant.v.moryakov@...il.com> Subject: [PATCH] ethtool: fix possible NULL dereference in main() via argp From: AntonMoryakov <ant.v.moryakov@...il.com> Static analyzer (Svace) reported a possible null pointer dereference in main(), where the pointer 'argp' is dereferenced without checking whether it is NULL. Specifically, if 'argc' is 0 or reduced to 0 by parsing global options, then '*argp' would cause undefined behavior. This patch adds a NULL check for 'argp' before calling find_option(). This resolves: DEREF_AFTER_NULL.EX.COND: ethtool.c:6391 Found by Svace static analysis tool. Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com> --- ethtool.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ethtool.c b/ethtool.c index 327a2da..4601051 100644 --- a/ethtool.c +++ b/ethtool.c @@ -6634,7 +6634,7 @@ int main(int argc, char **argp) * name to get settings for (which we don't expect to begin * with '-'). */ - if (!*argp) + if (!argp || !*argp) exit_bad_args(); k = find_option(*argp); -- 2.34.1
Powered by blists - more mailing lists