[PATCH 1/1] Char: synclink, fix potential null dereference

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 1/1] Char: synclink, fix potential null dereference
@ 2010-01-10  8:51 Jiri Slaby
  2010-01-10 11:23 ` Jiri Slaby
  0 siblings, 1 reply; 3+ messages in thread
From: Jiri Slaby @ 2010-01-10  8:51 UTC (permalink / raw)
  To: gregkh; +Cc: akpm, linux-kernel, jirislaby, Alan Cox

Stanse found a potential null dereference in mgsl_put_char and
mgsl_write. There is a check for tty being NULL, but it is
dereferenced earlier. Move the dereference after the check.

Also reorder mgsl_paranoia_check so that it makes sense:
* check !tty
* deref tty
* check !info
* deref info

And don't jump to cleanup label in mgsl_write's two cases, return
immediately, since there is an info dereference as well.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 drivers/char/synclink.c |   30 ++++++++++++++++++++----------
 1 files changed, 20 insertions(+), 10 deletions(-)

diff --git a/drivers/char/synclink.c b/drivers/char/synclink.c
index 4846b73..30f21bd 100644
--- a/drivers/char/synclink.c
+++ b/drivers/char/synclink.c
@@ -2019,19 +2019,24 @@ static void mgsl_change_params(struct mgsl_struct *info)
  */
 static int mgsl_put_char(struct tty_struct *tty, unsigned char ch)
 {
-	struct mgsl_struct *info = tty->driver_data;
+	struct mgsl_struct *info;
 	unsigned long flags;
 	int ret = 0;
 
+	if (!tty)
+		return 0;
+
+	info = tty->driver_data;
+
+	if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
+		return 0;
+
 	if (debug_level >= DEBUG_LEVEL_INFO) {
 		printk(KERN_DEBUG "%s(%d):mgsl_put_char(%d) on %s\n",
 			__FILE__, __LINE__, ch, info->device_name);
 	}		
 	
-	if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
-		return 0;
-
-	if (!tty || !info->xmit_buf)
+	if (!info->xmit_buf)
 		return 0;
 
 	spin_lock_irqsave(&info->irq_spinlock, flags);
@@ -2111,17 +2116,22 @@ static int mgsl_write(struct tty_struct * tty,
 		    const unsigned char *buf, int count)
 {
 	int	c, ret = 0;
-	struct mgsl_struct *info = tty->driver_data;
+	struct mgsl_struct *info;
 	unsigned long flags;
 	
+	if (!tty)
+		return 0;
+
+	info = tty->driver_data;
+
+	if (mgsl_paranoia_check(info, tty->name, "mgsl_write"))
+		return 0;
+
 	if ( debug_level >= DEBUG_LEVEL_INFO )
 		printk( "%s(%d):mgsl_write(%s) count=%d\n",
 			__FILE__,__LINE__,info->device_name,count);
-	
-	if (mgsl_paranoia_check(info, tty->name, "mgsl_write"))
-		goto cleanup;
 
-	if (!tty || !info->xmit_buf)
+	if (!info->xmit_buf)
 		goto cleanup;
 
 	if ( info->params.mode == MGSL_MODE_HDLC ||
-- 
1.6.5.7


^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH 1/1] Char: synclink, fix potential null dereference
  2010-01-10  8:51 [PATCH 1/1] Char: synclink, fix potential null dereference Jiri Slaby
@ 2010-01-10 11:23 ` Jiri Slaby
  2010-01-10 11:30   ` [PATCH 1/1] Char: synclink, remove unnecessary checks Jiri Slaby
  0 siblings, 1 reply; 3+ messages in thread
From: Jiri Slaby @ 2010-01-10 11:23 UTC (permalink / raw)
  Cc: gregkh, akpm, linux-kernel, Alan Cox

On 01/10/2010 09:51 AM, Jiri Slaby wrote:
> Stanse found a potential null dereference in mgsl_put_char and
> mgsl_write. There is a check for tty being NULL, but it is
> dereferenced earlier. Move the dereference after the check.
> 
> Also reorder mgsl_paranoia_check so that it makes sense:
> * check !tty
> * deref tty
> * check !info
> * deref info

Actually, this is wrong, .write and .put_char cannot be called with NULL
tty.

-- 
js

^ permalink raw reply	[flat|nested] 3+ messages in thread

* [PATCH 1/1] Char: synclink, remove unnecessary checks
  2010-01-10 11:23 ` Jiri Slaby
@ 2010-01-10 11:30   ` Jiri Slaby
  0 siblings, 0 replies; 3+ messages in thread
From: Jiri Slaby @ 2010-01-10 11:30 UTC (permalink / raw)
  To: gregkh; +Cc: linux-kernel, jirislaby, Andrew Morton, Alan Cox

Stanse found a potential null dereference in mgsl_put_char and
mgsl_write. There is a check for tty being NULL, but it is
dereferenced earlier.

Actually, tty cannot be NULL in .write and .put_char, so remove
the tests.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Alan Cox <alan@linux.intel.com>
---
 drivers/char/synclink.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/drivers/char/synclink.c b/drivers/char/synclink.c
index 4846b73..0658fc5 100644
--- a/drivers/char/synclink.c
+++ b/drivers/char/synclink.c
@@ -2031,7 +2031,7 @@ static int mgsl_put_char(struct tty_struct *tty, unsigned char ch)
 	if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
 		return 0;
 
-	if (!tty || !info->xmit_buf)
+	if (!info->xmit_buf)
 		return 0;
 
 	spin_lock_irqsave(&info->irq_spinlock, flags);
@@ -2121,7 +2121,7 @@ static int mgsl_write(struct tty_struct * tty,
 	if (mgsl_paranoia_check(info, tty->name, "mgsl_write"))
 		goto cleanup;
 
-	if (!tty || !info->xmit_buf)
+	if (!info->xmit_buf)
 		goto cleanup;
 
 	if ( info->params.mode == MGSL_MODE_HDLC ||
-- 
1.6.5.7


^ permalink raw reply related	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2010-01-10 11:30 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2010-01-10  8:51 [PATCH 1/1] Char: synclink, fix potential null dereference Jiri Slaby
2010-01-10 11:23 ` Jiri Slaby
2010-01-10 11:30   ` [PATCH 1/1] Char: synclink, remove unnecessary checks Jiri Slaby

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.