* Re: likely invalid CVE assignment for commit 95baa60a0da80a0143e3ddd4d3725758b4513825
[not found] <20190605092029.GB19508@suse.de>
@ 2019-06-06 7:55 ` Marcus Meissner
2019-06-06 8:06 ` Gen Zhang
0 siblings, 1 reply; 2+ messages in thread
From: Marcus Meissner @ 2019-06-06 7:55 UTC (permalink / raw)
To: wmealing, blackgod016574, netdev
Hi,
Dave does not like private-only emails, so again for netdev list:
On Wed, Jun 05, 2019 at 11:20:29AM +0200, Marcus Meissner wrote:
> Hi Gen Zhang,
>
> looking at https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825
>
> ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
> In function ip6_ra_control(), the pointer new_ra is allocated a memory
> space via kmalloc(). And it is used in the following codes. However,
> when there is a memory allocation error, kmalloc() fails. Thus null
> pointer dereference may happen. And it will cause the kernel to crash.
> Therefore, we should check the return value and handle the error.
>
> There seems to be no case in current GIT where new_ra is being dereferenced even if it
> is NULL (kfree(NULL) will work fine).
>
> Was this just an assumption based on insufficient code review, or was there a real
> crash observed and how?
The reporter had replied privately that he was only doing a code audit.
We (Redhat and SUSE) wonder if this fix is needed at all.
Ciao, Marcus
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: likely invalid CVE assignment for commit 95baa60a0da80a0143e3ddd4d3725758b4513825
2019-06-06 7:55 ` likely invalid CVE assignment for commit 95baa60a0da80a0143e3ddd4d3725758b4513825 Marcus Meissner
@ 2019-06-06 8:06 ` Gen Zhang
0 siblings, 0 replies; 2+ messages in thread
From: Gen Zhang @ 2019-06-06 8:06 UTC (permalink / raw)
To: Marcus Meissner; +Cc: wmealing, netdev
On Thu, Jun 06, 2019 at 09:55:07AM +0200, Marcus Meissner wrote:
> Hi,
>
> Dave does not like private-only emails, so again for netdev list:
>
> On Wed, Jun 05, 2019 at 11:20:29AM +0200, Marcus Meissner wrote:
> > Hi Gen Zhang,
> >
> > looking at https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=95baa60a0da80a0143e3ddd4d3725758b4513825
> >
> > ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
> > In function ip6_ra_control(), the pointer new_ra is allocated a memory
> > space via kmalloc(). And it is used in the following codes. However,
> > when there is a memory allocation error, kmalloc() fails. Thus null
> > pointer dereference may happen. And it will cause the kernel to crash.
> > Therefore, we should check the return value and handle the error.
> >
> > There seems to be no case in current GIT where new_ra is being dereferenced even if it
> > is NULL (kfree(NULL) will work fine).
> >
> > Was this just an assumption based on insufficient code review, or was there a real
> > crash observed and how?
>
> The reporter had replied privately that he was only doing a code audit.
Thanks again for your concerns of this patch.
It is not exactly that. This comes from a static analysis research
prototype. And I think it is different from 'only doing code audit'.
Thanks
Gen
>
> We (Redhat and SUSE) wonder if this fix is needed at all.
>
> Ciao, Marcus
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-06-06 8:07 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
[not found] <20190605092029.GB19508@suse.de>
2019-06-06 7:55 ` likely invalid CVE assignment for commit 95baa60a0da80a0143e3ddd4d3725758b4513825 Marcus Meissner
2019-06-06 8:06 ` Gen Zhang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).