lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <54af2ah7kfz5kpib75fafbftofbacuaa7hbdinlorngbfwxa2p@gvfjiiw5kiti>
Date: Wed, 11 Jun 2025 01:13:15 +0200
From: Michal Kubecek <mkubecek@...e.cz>
To: ant.v.moryakov@...il.com
Cc: netdev@...r.kernel.org
Subject: Re: [PATCH] fec: fix possible NULL dereference in fec_mode_walk()

Dne Sun, May 18, 2025 at 04:18:18PM GMT, ant.v.moryakov@...il.com napsal:
> From: AntonMoryakov <ant.v.moryakov@...il.com>
> 
> Static analyzer (Svace) reported a possible null pointer dereference
> in fec_mode_walk(), where the 'name' pointer is passed to print_string()
> without checking for NULL.
> 
> Although some callers check the return value of get_string(), others
> (e.g., walk_bitset()) do not. This patch adds an early NULL check
> to avoid dereferencing a null pointer.
> 
> This resolves:
> DEREF_OF_NULL.EX.COND: json_print.c:142 via fec.c
> 
> Found by Svace static analysis tool.
> 
> Signed-off-by: Anton Moryakov <ant.v.moryakov@...il.com>
> 
> ---
>  netlink/fec.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/netlink/fec.c b/netlink/fec.c
> index 6027dc0..ed100d7 100644
> --- a/netlink/fec.c
> +++ b/netlink/fec.c
> @@ -27,6 +27,8 @@ fec_mode_walk(unsigned int idx, const char *name, bool val, void *data)
>  
>  	if (!val)
>  		return;
> +	if (!name)
> +		return;
>  	if (empty)
>  		*empty = false;
>  

I'll apply the patch as it makes the code cleaner and safer against
future rewrites but I don't think actual null pointer dereference is
still possible after your patch "json_print: add NULL check before
jsonw_string_field() in print_string()" as it fixes handling both key
and value being null in print_string().

Michal

Download attachment "signature.asc" of type "application/pgp-signature" (489 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ