From: Thomas Dillig <tdillig@stanford.edu>
To: Daniel Drake <dsd@gentoo.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: softmac possible null deref [was: Complete report of Null dereference errors in kernel 2.6.17.1]
Date: Mon, 24 Jul 2006 17:00:08 -0700
Message-ID: <44C55F08.6060504@stanford.edu>
In-Reply-To: <44C55F57.8040805@gentoo.org>
>
> Either I'm misunderstanding, or this is bogus.
>
> when *pkt is allocated by the various child functions (e.g.
> ieee80211softmac_disassoc_deauth), it is always checked for NULL
> before being used.
>
> Finally, line 453 does another NULL check, so that any failures
> generated above are handled appropriately.
>
> What is the report trying to say?
>
> Daniel
Hi,

At least in 2.6.17.1, the function looks as follows:

/* Create an rts/cts frame */
445 static u32
446 ieee80211softmac_rts_cts(struct ieee80211_hdr_2addr **pkt,
447         struct ieee80211softmac_device *mac, struct ieee80211softmac_network *net,
448         u32 type)
449 {
450         /* Allocate Packet */
451         (*pkt) = kmalloc(IEEE80211_2ADDR_LEN, GFP_ATOMIC);
452         memset(*pkt, 0, IEEE80211_2ADDR_LEN); //*pkt is not checked for NULL
453         if((*pkt) == NULL) //*pkt is checked for NULL
454                 return 0;
455         ieee80211softmac_hdr_2addr(mac, (*pkt), type, net->bssid);
456         return IEEE80211_2ADDR_LEN;
457 }

The report is just trying to say that "*pkt" is dereferenced inside the
call to "memset" and checked for being null one line later.

I hope this clarifies the message,
-Tom
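
Added example, not part of the original message or of the kernel source: a userspace model of the function quoted above with the NULL check moved ahead of the memset, plus a fault-injecting allocator so the allocation-failure path can actually be exercised. The names alloc_model, rts_cts_model, exercise_both_paths, fail_next_alloc and the HDR_2ADDR_LEN value are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define HDR_2ADDR_LEN 16   /* assumed stand-in for IEEE80211_2ADDR_LEN */

static int fail_next_alloc; /* fault injection: 1 makes the next allocation fail */

/* Stand-in for kmalloc(..., GFP_ATOMIC), which can return NULL. */
static void *alloc_model(size_t len)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    return malloc(len);
}

/* Corrected ordering: test the pointer before the first write through it. */
static uint32_t rts_cts_model(unsigned char **pkt, uint8_t type)
{
    *pkt = alloc_model(HDR_2ADDR_LEN);
    if (*pkt == NULL)
        return 0;              /* caller gets length 0 and *pkt == NULL */
    memset(*pkt, 0, HDR_2ADDR_LEN);
    (*pkt)[0] = type;          /* stand-in for ieee80211softmac_hdr_2addr() */
    return HDR_2ADDR_LEN;
}

/* Drives the success and the failure path; returns 1 if both behave. */
static int exercise_both_paths(void)
{
    unsigned char dummy = 0;
    unsigned char *pkt = NULL;
    int ok;

    /* 0xb4 is a constructed sample value for the frame type byte. */
    ok = rts_cts_model(&pkt, 0xb4) == HDR_2ADDR_LEN
         && pkt != NULL && pkt[0] == 0xb4 && pkt[1] == 0;
    free(pkt);

    fail_next_alloc = 1;
    pkt = &dummy;              /* non-NULL on entry, must be NULL on return */
    ok = ok && rts_cts_model(&pkt, 0xb4) == 0 && pkt == NULL;
    return ok;
}

int main(void) { return exercise_both_paths() ? 0 : 1; }
```

With the check left after the memset, as at lines 452-453 of the quoted function, the injected failure would fault inside memset before the check is ever reached.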