potential NULL dereference in sysfs_merge

All of lore.kernel.org
 help / color / mirror / Atom feed

* potential NULL dereference in sysfs_merge_group()
@ 2010-10-24 21:55 Dan Carpenter
  2010-10-25  1:43 ` Alan Stern
  0 siblings, 1 reply; 2+ messages in thread
From: Dan Carpenter @ 2010-10-24 21:55 UTC (permalink / raw)
  To: kernel-janitors

Hi Alan,

There is a bug in sysfs_merge_group() where it doesn't handle a NULL
grp parameter properly.  The only caller in the kernel passes in a valid
grp pointer so it doesn't affect anything yet.

fs/sysfs/group.c +175 sysfs_merge_group(15)
	error: we previously assumed 'grp' could be null.
   168		if (grp)
                    ^^^
	assumes that grp can be NULL.

   169			dir_sd = sysfs_get_dirent(kobj->sd, NULL, grp->name);
   170		else
   171			dir_sd = sysfs_get(kobj->sd);
   172		if (!dir_sd)
   173			return -ENOENT;
   174	
   175		for ((i = 0, attr = grp->attrs); *attr && !error; (++i, ++attr))
                                    ^^^^^
	grp is dereferenced here.

   176			error = sysfs_add_file(dir_sd, *attr, SYSFS_KOBJ_ATTR);

I'm not sure how you want to handle this.

regards,
dan carpenter

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: potential NULL dereference in sysfs_merge_group()
  2010-10-24 21:55 potential NULL dereference in sysfs_merge_group() Dan Carpenter
@ 2010-10-25  1:43 ` Alan Stern
  0 siblings, 0 replies; 2+ messages in thread
From: Alan Stern @ 2010-10-25  1:43 UTC (permalink / raw)
  To: kernel-janitors

On Sun, 24 Oct 2010, Dan Carpenter wrote:

> Hi Alan,
> 
> There is a bug in sysfs_merge_group() where it doesn't handle a NULL
> grp parameter properly.  The only caller in the kernel passes in a valid
> grp pointer so it doesn't affect anything yet.
> 
> fs/sysfs/group.c +175 sysfs_merge_group(15)
> 	error: we previously assumed 'grp' could be null.
>    168		if (grp)
>                     ^^^
> 	assumes that grp can be NULL.
> 
>    169			dir_sd = sysfs_get_dirent(kobj->sd, NULL, grp->name);
>    170		else
>    171			dir_sd = sysfs_get(kobj->sd);
>    172		if (!dir_sd)
>    173			return -ENOENT;
>    174	
>    175		for ((i = 0, attr = grp->attrs); *attr && !error; (++i, ++attr))
>                                     ^^^^^
> 	grp is dereferenced here.
> 
>    176			error = sysfs_add_file(dir_sd, *attr, SYSFS_KOBJ_ATTR);
> 
> I'm not sure how you want to handle this.

You're right, and I'm embarrassed not to have seen it before.

Since there's no point in calling this function if there are no 
attributes, we should require that grp always be non-NULL.  The initial 
test can be removed.  The same is true for sysfs_unmerge_group().

Alan Stern


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2010-10-25  1:43 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-10-24 21:55 potential NULL dereference in sysfs_merge_group() Dan Carpenter
2010-10-25  1:43 ` Alan Stern

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.