From: Navid Emamdoost <navid.emamdoost@gmail.com>
To: Michal Kubecek <mkubecek@suse.cz>
Cc: Josef Bacik <josef@toxicpanda.com>, Kangjie Lu <kjlu@umn.edu>,
	Stephen McCamant <smccaman@umn.edu>,
	secalert@redhat.com, Navid Emamdoost <emamd001@umn.edu>,
	Jens Axboe <axboe@kernel.dk>,
	linux-block@vger.kernel.org, nbd@other.debian.org,
	LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] nbd_genl_status: null check for nla_nest_start
Date: Wed, 16 Oct 2019 21:17:21 -0500
Message-ID: <CAEkB2ES8rc4kkPwA+okfMa9CpFoDqmt=tx8H8vHZKBCfw9L_tg@mail.gmail.com>
In-Reply-To: <20190910113521.GA9895@unicorn.suse.cz>

Hi Michal, please check v3 at https://lore.kernel.org/patchwork/patch/1126650/


Thanks,
Navid.

On Tue, Sep 10, 2019 at 6:35 AM Michal Kubecek <mkubecek@suse.cz> wrote:
>
> (Just stumbled upon this patch when a link to it came with a CVE bug report.)
>
> On Mon, Jul 29, 2019 at 11:42:26AM -0500, Navid Emamdoost wrote:
> > nla_nest_start may fail and return NULL. The check is inserted, and
> > errno is selected based on other call sites within the same source code.
> > Update: removed extra new line.
> >
> > Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
> > Reviewed-by: Bob Liu <bob.liu@oracle.com>
> > ---
> >  drivers/block/nbd.c | 5 +++++
> >  1 file changed, 5 insertions(+)
> >
> > diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
> > index 9bcde2325893..2410812d1e82 100644
> > --- a/drivers/block/nbd.c
> > +++ b/drivers/block/nbd.c
> > @@ -2149,6 +2149,11 @@ static int nbd_genl_status(struct sk_buff *skb, struct genl_info *info)
> >       }
> >
> >       dev_list = nla_nest_start_noflag(reply, NBD_ATTR_DEVICE_LIST);
> > +     if (!dev_list) {
> > +             ret = -EMSGSIZE;
> > +             goto out;
> > +     }
> > +
> >       if (index == -1) {
> >               ret = idr_for_each(&nbd_index_idr, &status_cb, reply);
> >               if (ret) {
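Review bot: the added `if (!dev_list)` branch leaves through `goto out` while `reply` is still held, and nothing in this hunk releases it; unless the `out` label (not shown here) frees the message, this new error path leaks it. Call `nlmsg_free(reply)` before the `goto out`. Separately, the "Update: removed extra new line." sentence is a version-to-version changelog and belongs below the `---` line so it stays out of the commit message, and the subject names nla_nest_start while the call being checked is nla_nest_start_noflag.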
>
> You should also call nlmsg_free(reply) when you bail out so that you
> don't introduce a memory leak.
>
> Michal Kubecek



-- 
Navid.


Thread overview: 11+ messages
2019-07-23 23:01 [PATCH] nbd_genl_status: null check for nla_nest_start Navid Emamdoost
2019-07-29 13:09 ` Josef Bacik
2019-07-29 16:42   ` [PATCH v2] " Navid Emamdoost
2019-07-30  5:52     ` [engineering.redhat.com #494735] Re: [PATCH] " Red Hat Product Security
2019-07-30  6:05     ` [PATCH v2] " Bob Liu
2019-09-10 11:35     ` Michal Kubecek
2019-09-11 16:40       ` [PATCH v3] " Navid Emamdoost
2019-10-21  6:42         ` Michal Kubecek
2021-04-14  3:05           ` Mark-PK Tsai
2019-10-17  2:17       ` Navid Emamdoost [this message]
2019-10-17 19:37         ` [engineering.redhat.com #498403] Re: [PATCH v2] " Red Hat Product Security
