From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1427895AbdDWIQY (ORCPT ); Sun, 23 Apr 2017 04:16:24 -0400 Received: from smtprelay0224.hostedemail.com ([216.40.44.224]:37920 "EHLO smtprelay.hostedemail.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1427865AbdDWIQL (ORCPT ); Sun, 23 Apr 2017 04:16:11 -0400 X-Session-Marker: 6A6F6540706572636865732E636F6D X-Spam-Summary: 2,0,0,,d41d8cd98f00b204,joe@perches.com,:::::::::::,RULES_HIT:41:355:379:541:599:988:989:1260:1277:1311:1313:1314:1345:1359:1373:1437:1515:1516:1518:1534:1541:1593:1594:1711:1730:1747:1777:1792:2393:2553:2559:2562:2691:2693:2828:3138:3139:3140:3141:3142:3151:3353:3622:3865:3866:3867:3868:3870:3871:3872:3873:3874:4250:4321:5007:8957:10004:10400:10848:11026:11232:11658:11914:12438:12740:12760:12895:13069:13149:13230:13311:13357:13439:14096:14097:14180:14659:14721:21080:21212:21220:21324:21433:21600:30054:30069:30070:30090:30091,0,RBL:none,CacheIP:none,Bayesian:0.5,0.5,0.5,Netcheck:none,DomainCache:0,MSF:not bulk,SPF:,MSBL:0,DNSBL:none,Custom_rules:0:0:0,LFtime:2,LUA_SUMMARY:none X-HE-Tag: egg08_354eb2ad65c22 X-Filterd-Recvd-Size: 2310 Message-ID: <1492935365.30293.45.camel@perches.com> Subject: Re: [PATCH 1/1] tipc: check return value of nlmsg_new From: Joe Perches To: PanBian Cc: Ying Xue , "David S. Miller" , netdev@vger.kernel.org, tipc-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org Date: Sun, 23 Apr 2017 01:16:05 -0700 In-Reply-To: <20170423080027.GA843@bp> References: <1492931359-25004-1-git-send-email-bianpan2016@163.com> <1492931836.30293.43.camel@perches.com> <20170423080027.GA843@bp> Content-Type: text/plain; charset="ISO-8859-1" X-Mailer: Evolution 3.22.6-1ubuntu1 Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, 2017-04-23 at 16:00 +0800, PanBian wrote: > On Sun, Apr 23, 2017 at 12:17:16AM -0700, Joe Perches wrote: > > On Sun, 2017-04-23 at 15:09 +0800, Pan Bian wrote: > > > Function nlmsg_new() will return a NULL pointer if there is no enough > > > memory, and its return value should be checked before it is used. > > > However, in function tipc_nl_node_get_monitor(), the validation of the > > > return value of function nlmsg_new() is missed. This patch fixes the > > > bug. > > > > Hello. > > > > Thanks for the patches. > > > > Are you finding these via a tool or inspection? > > > > If a tool is being used, could you please describe it? > > > > Yes. I developed a tool to find this kind of bugs. > > The detecting idea is simple. In large systems like the Linux kernel, > most implementations are correct, and incorrect ones are rare. Based on > this observation, we take programs that have different implementations > with others as bugs. For example, in most cases, the return vlaue of > nlmsg_new() is validated and it will not be passed to genlmsg_reply() if > its value is NULL. However, in function tipc_nl_node_get_monitor(), the > validation is missing. The abnormal behavior leads us to believe that > there is a bug. Perhaps adding __must_check to some of the appropriate function declarations/prototypes would help avoid new future misuses.