[PATCH] tty: hso: Fix potential null pointer dereference

[PATCH] tty: hso: Fix potential null pointer dereference

[Ren Mingshuai]

Generally, the old always points to the address of a ktermios structure,
so old is unlikely to be NULL. Still check it before dereference as
elsewhere.

Signed-off-by: Ren Mingshuai <renmingshuai@huawei.com>
---
 drivers/net/usb/hso.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
index ce1f6081d582..4ad829ab54d3 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -1396,7 +1396,8 @@ static void hso_serial_set_termios(struct tty_struct *tty,
 	if (serial->port.count)
 		_hso_serial_set_termios(tty);
 	else
-		tty->termios = *old;
+		if (old)
+			tty->termios = *old;
 	spin_unlock_irqrestore(&serial->serial_lock, flags);
 
 	/* done */
-- 
2.33.0

Re: [PATCH] tty: hso: Fix potential null pointer dereference

[Greg KH]

On Wed, Nov 01, 2023 at 09:35:44PM +0800, Ren Mingshuai wrote:
> Generally, the old always points to the address of a ktermios structure,
> so old is unlikely to be NULL. Still check it before dereference as
> elsewhere.

If it can not happen, there is no need to check it.  So unless you can
prove that this ever could happen, this change isn't needed, right?

thanks,

greg k-h

Re: [PATCH] tty: hso: Fix potential null pointer dereference.

[Ren Mingshuai]

>> Generally, the old always points to the address of a ktermios structure,
>> so old is unlikely to be NULL. Still check it before dereference as
>> elsewhere.
>
>If it can not happen, there is no need to check it.  So unless you can
>prove that this ever could happen, this change isn't needed, right?
>
>thanks,
>
>greg k-h
Thanks for reply. I agree with you. The reason for checking old there
is that it is checked at the beginning in hso_serial_set_termios(). It is
better to check it both or not, right?
Delete it to avoid smatch complaints.
drivers/net/usb/hso.c:1399 hso_serial_set_termios() error: we previously assumed 'old' could be null (see line 1389).

diff --git a/drivers/net/usb/hso.c b/drivers/net/usb/hso.c
index 4ad829ab54d3..383ff8b04473 100644
--- a/drivers/net/usb/hso.c
+++ b/drivers/net/usb/hso.c
@@ -1386,10 +1386,9 @@ static void hso_serial_set_termios(struct tty_struct *tty,
        struct hso_serial *serial = tty->driver_data;
        unsigned long flags;

-       if (old)
-               hso_dbg(0x16, "Termios called with: cflags new[%u] - old[%u]\n",
-                       (unsigned int)tty->termios.c_cflag,
-                       (unsigned int)old->c_cflag);
+       hso_dbg(0x16, "Termios called with: cflags new[%u] - old[%u]\n",
+               (unsigned int)tty->termios.c_cflag,
+               (unsigned int)old->c_cflag);

        /* the actual setup */
        spin_lock_irqsave(&serial->serial_lock, flags);