From: Thomas Dillig <tdillig@stanford.edu>
To: Daniel Drake <dsd@gentoo.org>
Cc: linux-kernel@vger.kernel.org
Subject: Re: softmac possible null deref [was: Complete report of Null dereference errors in kernel 2.6.17.1]
Date: Mon, 24 Jul 2006 17:00:08 -0700
Message-ID: <44C55F08.6060504@stanford.edu>
In-Reply-To: <44C55F57.8040805@gentoo.org>
>
> Either I'm misunderstanding, or this is bogus.
>
> when *pkt is allocated by the various child functions (e.g.
> ieee80211softmac_disassoc_deauth), it is always checked for NULL
> before being used.
>
> Finally, line 453 does another NULL check, so that any failures
> generated above are handled appropriately.
>
> What is the report trying to say?
>
> Daniel
Hi,

At least in 2.6.17.1, the function looks as follows:

     /* Create an rts/cts frame */
445  static u32
446  ieee80211softmac_rts_cts(struct ieee80211_hdr_2addr **pkt,
447          struct ieee80211softmac_device *mac, struct ieee80211softmac_network *net,
448          u32 type)
449  {
450          /* Allocate Packet */
451          (*pkt) = kmalloc(IEEE80211_2ADDR_LEN, GFP_ATOMIC);
452          memset(*pkt, 0, IEEE80211_2ADDR_LEN); //*pkt is not checked for NULL
453          if((*pkt) == NULL) //*pkt is checked for NULL
454                  return 0;
455          ieee80211softmac_hdr_2addr(mac, (*pkt), type, net->bssid);
456          return IEEE80211_2ADDR_LEN;
457  }

The report is just trying to say that "*pkt" is dereferenced inside the
call to "memset" and checked for being null one line later.

I hope this clarifies the message,
-Tom
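
The ordering problem described in this message, as an added example that is not part of the original email or of the kernel source: a userspace C model that moves the NULL test ahead of the memset and uses an injected allocation failure to exercise the error path. The names model_alloc, FRAME_LEN, fail_next_alloc, run_checked and the rts_cts_* functions are hypothetical stand-ins for kmalloc, IEEE80211_2ADDR_LEN and ieee80211softmac_rts_cts.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define FRAME_LEN 16u   /* stand-in for IEEE80211_2ADDR_LEN (value assumed) */

int fail_next_alloc;    /* fault injection: non-zero makes the next allocation fail */

/* Userspace stand-in for kmalloc(..., GFP_ATOMIC), which may return NULL. */
void *model_alloc(size_t len)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;
    }
    return malloc(len);
}

/* Order shown in the message: the buffer is written, then tested.
 * Kept for comparison only; with a failed allocation this writes through NULL.
 * A compiler may also treat the write as proof of non-NULL and drop the late test. */
unsigned rts_cts_reported(unsigned char **pkt)
{
    *pkt = model_alloc(FRAME_LEN);
    memset(*pkt, 0, FRAME_LEN);     /* dereference */
    if (*pkt == NULL)               /* check comes too late */
        return 0;
    return FRAME_LEN;
}

/* Check moved ahead of the first use: failure is reported to the caller
 * as length 0 and *pkt is left NULL, never written through. */
unsigned rts_cts_checked(unsigned char **pkt)
{
    *pkt = model_alloc(FRAME_LEN);
    if (*pkt == NULL)
        return 0;
    memset(*pkt, 0, FRAME_LEN);
    return FRAME_LEN;
}

/* Drives one call, optionally with an injected allocation failure. */
unsigned run_checked(int inject_failure, unsigned char **pkt)
{
    fail_next_alloc = inject_failure;
    return rts_cts_checked(pkt);
}
```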