* potential null dereference in proto_register()
@ 2009-06-02 8:50 Dan Carpenter
2009-06-02 9:54 ` David Miller
0 siblings, 1 reply; 3+ messages in thread
From: Dan Carpenter @ 2009-06-02 8:50 UTC (permalink / raw)
To: netdev
There is a potential null dereference in proto_register()
from net/core/sock.c
prot->rsk_prot can be null on line 2161 but we dereference it on line
2167.
2161 out_free_request_sock_slab:
2162 if (prot->rsk_prot && prot->rsk_prot->slab) {
2163 kmem_cache_destroy(prot->rsk_prot->slab);
2164 prot->rsk_prot->slab = NULL;
2165 }
2166 out_free_request_sock_slab_name:
2167 kfree(prot->rsk_prot->slab_name);
Found by smatch.
regards,
dan carpenter
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: potential null dereference in proto_register()
2009-06-02 8:50 potential null dereference in proto_register() Dan Carpenter
@ 2009-06-02 9:54 ` David Miller
2009-06-03 11:47 ` Jarek Poplawski
0 siblings, 1 reply; 3+ messages in thread
From: David Miller @ 2009-06-02 9:54 UTC (permalink / raw)
To: error27; +Cc: netdev
From: Dan Carpenter <error27@gmail.com>
Date: Tue, 2 Jun 2009 11:50:52 +0300 (EAT)
> There is a potential null dereference in proto_register()
> from net/core/sock.c
>
> prot->rsk_prot can be null on line 2161 but we dereference it on line
> 2167.
>
> 2161 out_free_request_sock_slab:
> 2162 if (prot->rsk_prot && prot->rsk_prot->slab) {
> 2163 kmem_cache_destroy(prot->rsk_prot->slab);
> 2164 prot->rsk_prot->slab = NULL;
> 2165 }
> 2166 out_free_request_sock_slab_name:
> 2167 kfree(prot->rsk_prot->slab_name);
>
> Found by smatch.
This won't ever happen because a protocol that provides a twsk_prot
has to provide a rsk_prot too.
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: potential null dereference in proto_register()
2009-06-02 9:54 ` David Miller
@ 2009-06-03 11:47 ` Jarek Poplawski
0 siblings, 0 replies; 3+ messages in thread
From: Jarek Poplawski @ 2009-06-03 11:47 UTC (permalink / raw)
To: David Miller; +Cc: error27, netdev
On 02-06-2009 11:54, David Miller wrote:
> From: Dan Carpenter <error27@gmail.com>
> Date: Tue, 2 Jun 2009 11:50:52 +0300 (EAT)
>
>> There is a potential null dereference in proto_register()
>> from net/core/sock.c
>>
>> prot->rsk_prot can be null on line 2161 but we dereference it on line
>> 2167.
>>
>> 2161 out_free_request_sock_slab:
>> 2162 if (prot->rsk_prot && prot->rsk_prot->slab) {
>> 2163 kmem_cache_destroy(prot->rsk_prot->slab);
>> 2164 prot->rsk_prot->slab = NULL;
>> 2165 }
>> 2166 out_free_request_sock_slab_name:
>> 2167 kfree(prot->rsk_prot->slab_name);
>>
>> Found by smatch.
>
> This won't ever happen because a protocol that provides a twsk_prot
> has to provide a rsk_prot too.
Then, according to smatch, we should change it:
- if (prot->rsk_prot && prot->rsk_prot->slab) {
+ if (prot->rsk_prot->slab) {
Jarek P.
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2009-06-03 11:47 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2009-06-02 8:50 potential null dereference in proto_register() Dan Carpenter
2009-06-02 9:54 ` David Miller
2009-06-03 11:47 ` Jarek Poplawski
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.