From: Pavel Machek <pavel@denx.de>
To: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Subject: Re: [PATCH 4.9 05/29] usbnet: make sure no NULL pointer is passed through
Date: Tue, 5 Jul 2022 22:36:02 +0200 [thread overview]
Message-ID: <20220705203601.GA3184@amd> (raw)
In-Reply-To: <20220705115605.903898317@linuxfoundation.org>
[-- Attachment #1: Type: text/plain, Size: 1834 bytes --]
Hi!
> From: Oliver Neukum <oneukum@suse.com>
>
> commit 6c22fce07c97f765af1808ec3be007847e0b47d1 upstream.
>
> Coverity reports:
>
> ** CID 751368: Null pointer dereferences (FORWARD_NULL)
> /drivers/net/usb/usbnet.c: 1925 in __usbnet_read_cmd()
>
> ________________________________________________________________________________________________________
There's something wrong here. Changelog is cut, so signed-offs are
missing. It is wrong in git, too.
There's something wrong with the whitespace in the patch (indentation
by 4 spaces instead of tab), too.
Best regards,
Pavel
> --- a/drivers/net/usb/usbnet.c
> +++ b/drivers/net/usb/usbnet.c
> @@ -1960,8 +1960,13 @@ static int __usbnet_read_cmd(struct usbn
> err = usb_control_msg(dev->udev, usb_rcvctrlpipe(dev->udev, 0),
> cmd, reqtype, value, index, buf, size,
> USB_CTRL_GET_TIMEOUT);
> - if (err > 0 && err <= size)
> - memcpy(data, buf, err);
> + if (err > 0 && err <= size) {
> + if (data)
> + memcpy(data, buf, err);
> + else
> + netdev_dbg(dev->net,
> + "Huh? Data requested but thrown away.\n");
> + }
> kfree(buf);
> out:
> return err;
> @@ -1982,7 +1987,13 @@ static int __usbnet_write_cmd(struct usb
> buf = kmemdup(data, size, GFP_KERNEL);
> if (!buf)
> goto out;
> - }
> + } else {
> + if (size) {
> + WARN_ON_ONCE(1);
> + err = -EINVAL;
> + goto out;
> + }
> + }
>
> err = usb_control_msg(dev->udev, usb_sndctrlpipe(dev->udev, 0),
> cmd, reqtype, value, index, buf, size,
>
--
DENX Software Engineering GmbH, Managing Director: Wolfgang Denk
HRB 165235 Munich, Office: Kirchenstr.5, D-82194 Groebenzell, Germany
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 181 bytes --]
next prev parent reply other threads:[~2022-07-05 20:36 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-07-05 11:57 [PATCH 4.9 00/29] 4.9.322-rc1 review Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 01/29] dm raid: fix KASAN warning in raid5_add_disks Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 02/29] SUNRPC: Fix READ_PLUS crasher Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 03/29] net: rose: fix UAF bugs caused by timer handler Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 04/29] net: usb: ax88179_178a: Fix packet receiving Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 05/29] usbnet: make sure no NULL pointer is passed through Greg Kroah-Hartman
2022-07-05 20:36 ` Pavel Machek [this message]
2022-07-06 6:36 ` Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 06/29] usbnet: fix memory allocation in helpers Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 07/29] powerpc/powernv: wire up rng during setup_arch Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 08/29] caif_virtio: fix race between virtio_device_ready() and ndo_open() Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 09/29] netfilter: nft_dynset: restore set element counter when failing to update Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 10/29] net: bonding: fix possible NULL deref in rlb code Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 11/29] net: bonding: fix use-after-free after 802.3ad slave unbind Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 12/29] nfc: nfcmrvl: Fix irq_of_parse_and_map() return value Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 13/29] NFC: nxp-nci: Dont issue a zero length i2c_master_read() Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 14/29] xen/gntdev: Avoid blocking in unmap_grant_pages() Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 15/29] hwmon: (ibmaem) dont call platform_device_del() if platform_device_add() fails Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 16/29] net: dsa: bcm_sf2: force pause link settings Greg Kroah-Hartman
2022-07-05 15:34 ` Florian Fainelli
2022-07-05 16:15 ` Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 17/29] sit: use min Greg Kroah-Hartman
2022-07-05 11:57 ` [PATCH 4.9 18/29] ipv6/sit: fix ipip6_tunnel_get_prl return value Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 19/29] net: Rename and export copy_skb_header Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 20/29] xen/blkfront: fix leaking data in shared pages Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 21/29] xen/netfront: " Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 22/29] xen/netfront: force data bouncing when backend is untrusted Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 23/29] xen/blkfront: " Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 24/29] xen/arm: Fix race in RB-tree based P2M accounting Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 25/29] qmi_wwan: Added support for Telit LN940 series Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 26/29] net: usb: qmi_wwan: add Telit 0x1260 and 0x1261 compositions Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 27/29] net: usb: qmi_wwan: add Telit LE910Cx 0x1230 composition Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 28/29] net: usb: qmi_wwan: add Telit 0x1060 composition Greg Kroah-Hartman
2022-07-05 11:58 ` [PATCH 4.9 29/29] net: usb: qmi_wwan: add Telit 0x1070 composition Greg Kroah-Hartman
2022-07-05 16:53 ` [PATCH 4.9 00/29] 4.9.322-rc1 review Florian Fainelli
2022-07-06 7:27 ` Naresh Kamboju
2022-07-06 13:41 ` Guenter Roeck
2022-07-07 0:06 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220705203601.GA3184@amd \
--to=pavel@denx.de \
--cc=gregkh@linuxfoundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).