linux-kernel.vger.kernel.org archive mirror
* [PATCH -next] mISDN: hfcsusb: Fix potential NULL pointer dereference
@ 2019-01-30 10:19 YueHaibing
  2019-01-30 18:10 ` David Miller
  0 siblings, 1 reply; 4+ messages in thread
From: YueHaibing @ 2019-01-30 10:19 UTC (permalink / raw)
  To: isdn, davem, gustavo, bigeasy; +Cc: linux-kernel, netdev, YueHaibing

There is a potential NULL pointer dereference in case
kzalloc() fails and returns NULL.

Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
---
 drivers/isdn/hardware/mISDN/hfcsusb.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
index 124ff53..5660d5a 100644
--- a/drivers/isdn/hardware/mISDN/hfcsusb.c
+++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
@@ -263,6 +263,8 @@ hfcsusb_ph_info(struct hfcsusb *hw)
 	int i;
 
 	phi = kzalloc(struct_size(phi, bch, dch->dev.nrbchan), GFP_ATOMIC);
+	if (!phi)
+		return;
 	phi->dch.ch.protocol = hw->protocol;
 	phi->dch.ch.Flags = dch->Flags;
 	phi->dch.state = dch->state;
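Review bot: the bare `return;` under the new `if (!phi)` check makes the GFP_ATOMIC allocation failure invisible to callers: hfcsusb_ph_info() returns nothing, so the PH info update is dropped with no error code and no log message. Suggest changing the function to return int, returning -ENOMEM at this check, and having each caller either propagate the error or handle it explicitly; if silently dropping the notification is acceptable, state that in the commit message and in a comment at the check. The check itself does close the NULL dereference at `phi->dch.ch.protocol = hw->protocol;`.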
-- 
2.7.0




* Re: [PATCH -next] mISDN: hfcsusb: Fix potential NULL pointer dereference
  2019-01-30 10:19 [PATCH -next] mISDN: hfcsusb: Fix potential NULL pointer dereference YueHaibing
@ 2019-01-30 18:10 ` David Miller
  2019-01-31  9:41   ` YueHaibing
  0 siblings, 1 reply; 4+ messages in thread
From: David Miller @ 2019-01-30 18:10 UTC (permalink / raw)
  To: yuehaibing; +Cc: isdn, gustavo, bigeasy, linux-kernel, netdev

From: YueHaibing <yuehaibing@huawei.com>
Date: Wed, 30 Jan 2019 18:19:02 +0800

> There is a potential NULL pointer dereference in case
> kzalloc() fails and returns NULL.
> 
> Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
> ---
>  drivers/isdn/hardware/mISDN/hfcsusb.c | 2 ++
>  1 file changed, 2 insertions(+)
> 
> diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
> index 124ff53..5660d5a 100644
> --- a/drivers/isdn/hardware/mISDN/hfcsusb.c
> +++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
> @@ -263,6 +263,8 @@ hfcsusb_ph_info(struct hfcsusb *hw)
>  	int i;
>  
>  	phi = kzalloc(struct_size(phi, bch, dch->dev.nrbchan), GFP_ATOMIC);
> +	if (!phi)
> +		return;

If we fail with an error and do not perform the operation we were requested to
make, we must return an error to the caller, and the caller must do something
reasonable with that error (perhaps return it to its caller) and so on and
so forth.


* Re: [PATCH -next] mISDN: hfcsusb: Fix potential NULL pointer dereference
  2019-01-30 18:10 ` David Miller
@ 2019-01-31  9:41   ` YueHaibing
  2019-01-31 17:25     ` David Miller
  0 siblings, 1 reply; 4+ messages in thread
From: YueHaibing @ 2019-01-31  9:41 UTC (permalink / raw)
  To: David Miller; +Cc: isdn, gustavo, bigeasy, linux-kernel, netdev

On 2019/1/31 2:10, David Miller wrote:
> From: YueHaibing <yuehaibing@huawei.com>
> Date: Wed, 30 Jan 2019 18:19:02 +0800
> 
>> There is a potential NULL pointer dereference in case
>> kzalloc() fails and returns NULL.
>>
>> Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>> ---
>>  drivers/isdn/hardware/mISDN/hfcsusb.c | 2 ++
>>  1 file changed, 2 insertions(+)
>>
>> diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
>> index 124ff53..5660d5a 100644
>> --- a/drivers/isdn/hardware/mISDN/hfcsusb.c
>> +++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
>> @@ -263,6 +263,8 @@ hfcsusb_ph_info(struct hfcsusb *hw)
>>  	int i;
>>  
>>  	phi = kzalloc(struct_size(phi, bch, dch->dev.nrbchan), GFP_ATOMIC);
>> +	if (!phi)
>> +		return;
> 
> If we fail with an error and do not perform the operation we were requested to
> make, we must return an error to the caller, and the caller must do something
> reasonable with that error (perhaps return it to its caller) and so on and
> so forth.


hfcsusb_ph_info allocates 'phi', then uses it with _alloc_mISDN_skb in _queue_data.
When _alloc_mISDN_skb fails, it also just returns without error handling, then kfree(phi).
It seems that all the callers of hfcsusb_ph_info don't care about the return value.


* Re: [PATCH -next] mISDN: hfcsusb: Fix potential NULL pointer dereference
  2019-01-31  9:41   ` YueHaibing
@ 2019-01-31 17:25     ` David Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2019-01-31 17:25 UTC (permalink / raw)
  To: yuehaibing; +Cc: isdn, gustavo, bigeasy, linux-kernel, netdev

From: YueHaibing <yuehaibing@huawei.com>
Date: Thu, 31 Jan 2019 17:41:46 +0800

> On 2019/1/31 2:10, David Miller wrote:
>> From: YueHaibing <yuehaibing@huawei.com>
>> Date: Wed, 30 Jan 2019 18:19:02 +0800
>> 
>>> There is a potential NULL pointer dereference in case
>>> kzalloc() fails and returns NULL.
>>>
>>> Fixes: 69f52adb2d53 ("mISDN: Add HFC USB driver")
>>> Signed-off-by: YueHaibing <yuehaibing@huawei.com>
>>> ---
>>>  drivers/isdn/hardware/mISDN/hfcsusb.c | 2 ++
>>>  1 file changed, 2 insertions(+)
>>>
>>> diff --git a/drivers/isdn/hardware/mISDN/hfcsusb.c b/drivers/isdn/hardware/mISDN/hfcsusb.c
>>> index 124ff53..5660d5a 100644
>>> --- a/drivers/isdn/hardware/mISDN/hfcsusb.c
>>> +++ b/drivers/isdn/hardware/mISDN/hfcsusb.c
>>> @@ -263,6 +263,8 @@ hfcsusb_ph_info(struct hfcsusb *hw)
>>>  	int i;
>>>  
>>>  	phi = kzalloc(struct_size(phi, bch, dch->dev.nrbchan), GFP_ATOMIC);
>>> +	if (!phi)
>>> +		return;
>> 
>> If we fail with an error and do not perform the operation we were requested to
>> make, we must return an error to the caller, and the caller must do something
>> reasonable with that error (perhaps return it to its caller) and so on and
>> so forth.
> 
> 
> hfcsusb_ph_info allocates 'phi', then uses it with _alloc_mISDN_skb in _queue_data.
> When _alloc_mISDN_skb fails, it also just returns without error handling, then kfree(phi).
> It seems that all the callers of hfcsusb_ph_info don't care about the return value.

And that's a bug!
