netfilter-devel.vger.kernel.org archive mirror
From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [nft PATCH 3/4] segtree: Fix for potential NULL-pointer deref in ei_insert()
Date: Mon, 27 Jan 2020 14:24:48 +0100
Message-ID: <20200127132448.GC28318@orbyte.nwl.cc>
In-Reply-To: <20200121125612.6kmvuazs6bmarhir@salvia>

Hi Pablo,

On Tue, Jan 21, 2020 at 01:56:12PM +0100, Pablo Neira Ayuso wrote:
> On Mon, Jan 20, 2020 at 05:25:39PM +0100, Phil Sutter wrote:
> > Covscan complained about potential deref of NULL 'lei' pointer.
> > Interestingly this can't happen as the relevant goto leading to that
> > (in line 260) sits in code checking conflicts between new intervals and
> > since those are sorted upon insertion, only the lower boundary may
> > conflict (or both, but that's covered before).
> > 
> > Given the needed investigation to prove covscan wrong and the actually
> > wrong (but impossible) code, better fix this as if element ordering was
> > arbitrary to avoid surprises if at some point it really becomes that.
> > 
> > Fixes: 4d6ad0f310d6c ("segtree: check for overlapping elements at insertion")
> 
> Not fixing anything. Tell them to fix covscan :-)

Well, I guess covscan is simply not intelligent enough to detect the
impact of previous element sorting. :)

Please see my follow-up series which changes the code to actually make
use of the sorted input data. As noted in its cover letter, the code may
change again if we implement merging new with existing elements.
Depending on actual implementation, a completely different logic may be
required then since "changed" existing elements have to be recorded (so
their original version is removed from kernel).

Cheers, Phil


Thread overview: 11+ messages
2020-01-20 16:25 [nft PATCH 0/4] Fixes for a recent covscan run Phil Sutter
2020-01-20 16:25 ` [nft PATCH 1/4] netlink: Fix leak in unterminated string deserializer Phil Sutter
2020-01-21 12:55   ` Pablo Neira Ayuso
2020-01-20 16:25 ` [nft PATCH 2/4] netlink: Fix leaks in netlink_parse_cmp() Phil Sutter
2020-01-21 12:55   ` Pablo Neira Ayuso
2020-01-20 16:25 ` [nft PATCH 3/4] segtree: Fix for potential NULL-pointer deref in ei_insert() Phil Sutter
2020-01-21 12:56   ` Pablo Neira Ayuso
2020-01-27 13:24     ` Phil Sutter [this message]
2020-02-21 22:07       ` Phil Sutter
2020-01-20 16:25 ` [nft PATCH 4/4] netlink: Avoid potential NULL-pointer deref in netlink_gen_payload_stmt() Phil Sutter
2020-01-21 12:57   ` Pablo Neira Ayuso
