All of lore.kernel.org
 help / color / mirror / Atom feed
* [PATCH v2] ipmi: Fix NULL pointer dereference in ssif_probe
@ 2018-08-31 15:00 Gustavo A. R. Silva
  2018-08-31 19:15 ` Corey Minyard
  0 siblings, 1 reply; 3+ messages in thread
From: Gustavo A. R. Silva @ 2018-08-31 15:00 UTC (permalink / raw)
  To: Corey Minyard, Arnd Bergmann, Greg Kroah-Hartman
  Cc: openipmi-developer, linux-kernel, Gustavo A. R. Silva

There is a potential execution path in which function ssif_info_find()
returns NULL, hence there is a NULL pointer dereference when accessing
pointer *addr_info*

Fix this by null checking *addr_info* before dereferencing it.

Addresses-Coverity-ID: 1473145 ("Explicit null dereferenced")
Fixes: e333054a91d1 ("ipmi: Fix I2C client removal in the SSIF driver")
Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
---
Changes in v2:
 - Fix typo in commit log.

 drivers/char/ipmi/ipmi_ssif.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index 2ff3679..764d305 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -1641,7 +1641,9 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
 
  out:
 	if (rv) {
-		addr_info->client = NULL;
+		if (addr_info)
+			addr_info->client = NULL;
+
 		dev_err(&client->dev, "Unable to start IPMI SSIF: %d\n", rv);
 		kfree(ssif_info);
 	}
-- 
2.7.4


^ permalink raw reply related	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] ipmi: Fix NULL pointer dereference in ssif_probe
  2018-08-31 15:00 [PATCH v2] ipmi: Fix NULL pointer dereference in ssif_probe Gustavo A. R. Silva
@ 2018-08-31 19:15 ` Corey Minyard
  2018-08-31 20:49   ` Gustavo A. R. Silva
  0 siblings, 1 reply; 3+ messages in thread
From: Corey Minyard @ 2018-08-31 19:15 UTC (permalink / raw)
  To: Gustavo A. R. Silva, Arnd Bergmann, Greg Kroah-Hartman
  Cc: openipmi-developer, linux-kernel

On 08/31/2018 10:00 AM, Gustavo A. R. Silva wrote:
> There is a potential execution path in which function ssif_info_find()
> returns NULL, hence there is a NULL pointer dereference when accessing
> pointer *addr_info*
>
> Fix this by null checking *addr_info* before dereferencing it.

Thanks for catching this quickly, before it went out.  It's merged into 
my next tree.

-corey

> Addresses-Coverity-ID: 1473145 ("Explicit null dereferenced")
> Fixes: e333054a91d1 ("ipmi: Fix I2C client removal in the SSIF driver")
> Signed-off-by: Gustavo A. R. Silva <gustavo@embeddedor.com>
> ---
> Changes in v2:
>   - Fix typo in commit log.
>
>   drivers/char/ipmi/ipmi_ssif.c | 4 +++-
>   1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
> index 2ff3679..764d305 100644
> --- a/drivers/char/ipmi/ipmi_ssif.c
> +++ b/drivers/char/ipmi/ipmi_ssif.c
> @@ -1641,7 +1641,9 @@ static int ssif_probe(struct i2c_client *client, const struct i2c_device_id *id)
>   
>    out:
>   	if (rv) {
> -		addr_info->client = NULL;
> +		if (addr_info)
> +			addr_info->client = NULL;
> +
>   		dev_err(&client->dev, "Unable to start IPMI SSIF: %d\n", rv);
>   		kfree(ssif_info);
>   	}



^ permalink raw reply	[flat|nested] 3+ messages in thread
* Re: [PATCH v2] ipmi: Fix NULL pointer dereference in ssif_probe
  2018-08-31 19:15 ` Corey Minyard
@ 2018-08-31 20:49   ` Gustavo A. R. Silva
  0 siblings, 0 replies; 3+ messages in thread
From: Gustavo A. R. Silva @ 2018-08-31 20:49 UTC (permalink / raw)
  To: minyard, Arnd Bergmann, Greg Kroah-Hartman
  Cc: openipmi-developer, linux-kernel



On 8/31/18 2:15 PM, Corey Minyard wrote:
> On 08/31/2018 10:00 AM, Gustavo A. R. Silva wrote:
>> There is a potential execution path in which function ssif_info_find()
>> returns NULL, hence there is a NULL pointer dereference when accessing
>> pointer *addr_info*
>>
>> Fix this by null checking *addr_info* before dereferencing it.
> 
> Thanks for catching this quickly, before it went out.  It's merged into my next tree.
> 

Glad to help. :)

Thanks
--
Gustavo

^ permalink raw reply	[flat|nested] 3+ messages in thread
end of thread, other threads:[~2018-08-31 20:50 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-31 15:00 [PATCH v2] ipmi: Fix NULL pointer dereference in ssif_probe Gustavo A. R. Silva
2018-08-31 19:15 ` Corey Minyard
2018-08-31 20:49   ` Gustavo A. R. Silva

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.