* [PATCH 6/6] drivers/net/pppol2tp.c: remove null pointer dereference
From: Julia Lawall @ 2008-05-12 13:39 UTC
  To: jchapman, linux-kernel, kernel-janitors

From: Julia Lawall <julia@diku.dk>

If session is NULL, it is not possible to access its name field.  So I have
split apart the printing of the error message to drop the printing of the
name field in this case.


This problem was found using the following semantic match
(http://www.emn.fr/x-info/coccinelle/)

// <smpl>
@@
expression E, E1;
identifier f;
statement S1,S2,S3;
@@

* if (E == NULL)
{
  ... when != if (E == NULL) S1 else S2
      when != E = E1
* E->f
  ... when any
  return ...;
}
else S3
// </smpl>

Signed-off-by: Julia Lawall <julia@diku.dk>

---

diff -u -p a/drivers/net/pppol2tp.c b/drivers/net/pppol2tp.c
--- linux-2.6/drivers/net/pppol2tp.c	2008-05-09 16:46:57.000000000 +0200
+++ linuxcopy/drivers/net/pppol2tp.c	2008-05-12 15:30:52.000000000 +0200
@@ -1621,9 +1621,16 @@ out_no_ppp:
 end:
 	release_sock(sk);
 
-	if (error != 0)
-		PRINTK(session ? session->debug : -1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
-		       "%s: connect failed: %d\n", session->name, error);
+	if (error != 0) {
+		if (session)
+			PRINTK(session->debug,
+				PPPOL2TP_MSG_CONTROL, KERN_WARNING,
+				"%s: connect failed: %d\n",
+				session->name, error);
+		else
+			PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
+				"connect failed: %d\n", error);
+	}
 
 	return error;
 }
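
Review bot: In the new else branch, PRINTK(-1, PPPOL2TP_MSG_CONTROL, ...) passes an all-ones debug mask, so a failure with session == NULL is logged whatever debug level is configured, and the message no longer says which tunnel or session failed. The removed line already used -1 for this case, so the behaviour is inherited, but this patch is the place to decide whether a session-less failure should print unconditionally or stay quiet. If it should print, include whatever identifier is still valid at end: in the format string.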


* Re: [PATCH 6/6] drivers/net/pppol2tp.c: remove null pointer dereference
From: James Chapman @ 2008-05-12 17:12 UTC
  To: Julia Lawall; +Cc: linux-kernel, kernel-janitors, netdev

Adding netdev to CC list.

Julia Lawall wrote:
> From: Julia Lawall <julia@diku.dk>
> 
> If session is NULL, it is not possible to access its name field.  So I have
> split apart the printing of the error message to drop the printing of the
> name field in this case.

I suggest adding a note in the patch description that this bug will only be
hit if the driver's debug is enabled.

> This problem was found using the following semantic match
> (http://www.emn.fr/x-info/coccinelle/)
> 
> // <smpl>
> @@
> expression E, E1;
> identifier f;
> statement S1,S2,S3;
> @@
> 
> * if (E == NULL)
> {
>   ... when != if (E == NULL) S1 else S2
>       when != E = E1
> * E->f
>   ... when any
>   return ...;
> }
> else S3
> // </smpl>

Perhaps the above text should be in the additional info section of the 
patch description?

Since this is a network driver, can you resubmit the patch to netdev?

> Signed-off-by: Julia Lawall <julia@diku.dk>
> 
> ---
> 
> diff -u -p a/drivers/net/pppol2tp.c b/drivers/net/pppol2tp.c
> --- linux-2.6/drivers/net/pppol2tp.c	2008-05-09 16:46:57.000000000 +0200
> +++ linuxcopy/drivers/net/pppol2tp.c	2008-05-12 15:30:52.000000000 +0200
> @@ -1621,9 +1621,16 @@ out_no_ppp:
>  end:
>  	release_sock(sk);
>  
> -	if (error != 0)
> -		PRINTK(session ? session->debug : -1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
> -		       "%s: connect failed: %d\n", session->name, error);
> +	if (error != 0) {
> +		if (session)
> +			PRINTK(session->debug,
> +				PPPOL2TP_MSG_CONTROL, KERN_WARNING,
> +				"%s: connect failed: %d\n",
> +				session->name, error);
> +		else
> +			PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
> +				"connect failed: %d\n", error);
> +	}
>  
>  	return error;
>  }
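
Review bot: The if/else around the two added PRINTK calls duplicates the level and most of the format string for a one-argument difference. The removed line already guards the mask with session ? session->debug : -1, so the smaller fix is to guard the name the same way, for example session ? session->name : "(no session)", and keep a single call. That also keeps the log line in one format for both cases.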
> 



* Re: [PATCH 6/6] drivers/net/pppol2tp.c: remove null pointer dereference
From: Julia Lawall @ 2008-05-12 19:00 UTC
  To: James Chapman; +Cc: linux-kernel, kernel-janitors, netdev

On Mon, 12 May 2008, James Chapman wrote:

> Adding netdev to CC list.
> 
> Julia Lawall wrote:
> > From: Julia Lawall <julia@diku.dk>
> > 
> > If session is NULL, it is not possible to access its name field.  So I have
> > split apart the printing of the error message to drop the printing of the
> > name field in this case.
> 
> I suggest adding a note in the patch description that this bug will only be hit
> if the driver's debug is enabled.

I don't understand the above comment.  In both the original and the new 
code, if session is NULL, the first argument to PRINTK is -1 and the 
second argument is PPPOL2TP_MSG_CONTROL, for which the only definition 
seems to be the one in include/linux/if_pppol2tp.h, where it has a non-zero
value.  So the test in the definition of PRINTK is non-zero and the print 
occurs.  Perhaps this is not what is wanted?

julia


> > This problem was found using the following semantic match
> > (http://www.emn.fr/x-info/coccinelle/)
> > 
> > // <smpl>
> > @@
> > expression E, E1;
> > identifier f;
> > statement S1,S2,S3;
> > @@
> > 
> > * if (E == NULL)
> > {
> >   ... when != if (E == NULL) S1 else S2
> >       when != E = E1
> > * E->f
> >   ... when any
> >   return ...;
> > }
> > else S3
> > // </smpl>
> 
> Perhaps the above text should be in the additional info section of the patch
> description?
> 
> Since this is a network driver, can you resubmit the patch to netdev?
> 
> > Signed-off-by: Julia Lawall <julia@diku.dk>
> > 
> > ---
> > 
> > diff -u -p a/drivers/net/pppol2tp.c b/drivers/net/pppol2tp.c
> > --- linux-2.6/drivers/net/pppol2tp.c	2008-05-09 16:46:57.000000000 +0200
> > +++ linuxcopy/drivers/net/pppol2tp.c	2008-05-12 15:30:52.000000000 +0200
> > @@ -1621,9 +1621,16 @@ out_no_ppp:
> >  end:
> >   release_sock(sk);
> > 
> > -	if (error != 0)
> > -		PRINTK(session ? session->debug : -1, PPPOL2TP_MSG_CONTROL,
> > KERN_WARNING,
> > -		       "%s: connect failed: %d\n", session->name, error);
> > +	if (error != 0) {
> > +		if (session)
> > +			PRINTK(session->debug,
> > +				PPPOL2TP_MSG_CONTROL, KERN_WARNING,
> > +				"%s: connect failed: %d\n",
> > +				session->name, error);
> > +		else
> > +			PRINTK(-1, PPPOL2TP_MSG_CONTROL, KERN_WARNING,
> > +				"connect failed: %d\n", error);
> > +	}
> >  
> >  	return error;
> >  }
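
Review bot: The changelog does not say which path reaches end: with session still NULL. The hunk context shows end: sitting below the out_no_ppp: label, so more than one exit funnels into this print; naming the exit that leaves session unset would tell a reader whether the old dereference was reachable on any failed connect or only on particular errors.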
> > 
> 
> 
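
The PRINTK behaviour discussed in the reply above, modelled in user space as an added example (not code from the thread or from the driver). The macro body, the `MSG_CONTROL` value, `name_of()` and `faults()` are assumptions made for this sketch; `name_of()` records a NULL access instead of faulting so the removed and added shapes of the error print can be compared.

```c
#include <stdio.h>

#define MSG_CONTROL 0x2   /* constructed; the thread only says it is non-zero */
struct session { int debug; const char *name; };

static int emitted;       /* prints that passed the mask test */
static int null_reads;    /* reads of ->name attempted through a NULL session */

/* Records a NULL access instead of faulting, so both shapes run in user space. */
const char *name_of(const struct session *s)
{
	if (s == NULL)
		null_reads++;
	return s ? s->name : "(would fault)";
}

/* Assumed model of a mask-gated print: arguments are evaluated only when
 * (mask & type) is non-zero, as the reply describes. */
#define PRINTK(mask, type, fmt, ...) \
	do { if ((mask) & (type)) { emitted++; printf(fmt, __VA_ARGS__); } } while (0)

/* Shape of the removed lines: the mask is guarded, the name is not. */
void report_before(const struct session *s, int error)
{
	if (error != 0)
		PRINTK(s ? s->debug : -1, MSG_CONTROL,
		       "%s: connect failed: %d\n", name_of(s), error);
}

/* Shape of the added lines: the name is read only on the non-NULL branch. */
void report_after(const struct session *s, int error)
{
	if (error != 0) {
		if (s)
			PRINTK(s->debug, MSG_CONTROL,
			       "%s: connect failed: %d\n", name_of(s), error);
		else
			PRINTK(-1, MSG_CONTROL, "connect failed: %d\n", error);
	}
}

/* Runs one shape with a constructed error code; returns NULL reads attempted. */
int faults(void (*report)(const struct session *, int),
	   const struct session *s)
{
	emitted = null_reads = 0;
	report(s, -22);
	return null_reads;
}
```

With a NULL session the -1 mask always passes the test, so the removed shape reaches the name read regardless of any configured debug level, while a non-NULL session with debug 0 prints nothing in either shape.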
