From: "John W. Linville" <linville@tuxdriver.com>
To: Christian Lamparter <chunkeey@googlemail.com>
Cc: linux-wireless@vger.kernel.org
Subject: Re: [PATCH] mac80211: fix possible null-pointer dereference
Date: Fri, 24 Sep 2010 14:00:13 -0400
Message-ID: <20100924180013.GD8077@tuxdriver.com>
In-Reply-To: <201009210057.13297.chunkeey@googlemail.com>

On Tue, Sep 21, 2010 at 12:57:13AM +0200, Christian Lamparter wrote:
> net/mac80211/mesh_plink.c +574 mesh_rx_plink_frame(168)
> error: we previously assumed 'sta' could be null.
> 
> This bug was detected by smatch.
> ( http://repo.or.cz/w/smatch.git )
> 
> Cc: <stable@kernel.org>
> Signed-off-by: Christian Lamparter <chunkeey@googlemail.com>
> ---
> diff --git a/net/mac80211/mesh_plink.c b/net/mac80211/mesh_plink.c
> index ea13a80..1d7c564 100644
> --- a/net/mac80211/mesh_plink.c
> +++ b/net/mac80211/mesh_plink.c
> @@ -473,7 +473,7 @@ void mesh_rx_plink_frame(struct ieee80211_sub_if_data *sdata, struct ieee80211_m
>  	rcu_read_lock();
>  
>  	sta = sta_info_get(sdata, mgmt->sa);
> -	if (!sta && ftype != PLINK_OPEN) {
> +	if (!sta || ftype != PLINK_OPEN) {
>  		mpl_dbg("Mesh plink: cls or cnf from unknown peer\n");
>  		rcu_read_unlock();
>  		return;
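
Review bot: The changed condition `if (!sta || ftype != PLINK_OPEN)` now returns early for every frame that is not PLINK_OPEN, even when `sta` was found, and also for a PLINK_OPEN frame from a peer with no `sta` entry. Only a PLINK_OPEN from an already known station gets past this check, which no longer matches the debug message "cls or cnf from unknown peer" and looks like a behaviour change well beyond a NULL fix. The original `&&` deliberately lets `sta == NULL` through when `ftype == PLINK_OPEN`, so the dereference smatch reports at mesh_plink.c +574 is better handled by keeping `&&` here and adding a `sta` NULL check at the point of use, with the changelog stating which path reaches line 574 with `sta == NULL`.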

Are you sure this is the intended check?  It isn't clear to me from looking at the code.

Perhaps line 574 just needs to be protected by another NULL check?

John
-- 
John W. Linville		Someday the world will need a hero, and you
linville@tuxdriver.com			might be all we have.  Be ready.
