* [PATCH 1/1] Char: synclink, fix potential null dereference
@ 2010-01-10 8:51 Jiri Slaby
2010-01-10 11:23 ` Jiri Slaby
0 siblings, 1 reply; 3+ messages in thread
From: Jiri Slaby @ 2010-01-10 8:51 UTC
To: gregkh; +Cc: akpm, linux-kernel, jirislaby, Alan Cox
Stanse found a potential null dereference in mgsl_put_char and
mgsl_write. There is a check for tty being NULL, but it is
dereferenced earlier. Move the dereference after the check.

Also reorder mgsl_paranoia_check so that it makes sense:
* check !tty
* deref tty
* check !info
* deref info

And don't jump to cleanup label in mgsl_write's two cases, return
immediately, since there is an info dereference as well.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
drivers/char/synclink.c | 30 ++++++++++++++++++++----------
1 files changed, 20 insertions(+), 10 deletions(-)
diff --git a/drivers/char/synclink.c b/drivers/char/synclink.c
index 4846b73..30f21bd 100644
--- a/drivers/char/synclink.c
+++ b/drivers/char/synclink.c
@@ -2019,19 +2019,24 @@ static void mgsl_change_params(struct mgsl_struct *info)
*/
static int mgsl_put_char(struct tty_struct *tty, unsigned char ch)
{
- struct mgsl_struct *info = tty->driver_data;
+ struct mgsl_struct *info;
unsigned long flags;
int ret = 0;
+ if (!tty)
+ return 0;
+
+ info = tty->driver_data;
+
+ if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
+ return 0;
+
if (debug_level >= DEBUG_LEVEL_INFO) {
printk(KERN_DEBUG "%s(%d):mgsl_put_char(%d) on %s\n",
__FILE__, __LINE__, ch, info->device_name);
}
- if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
- return 0;
-
- if (!tty || !info->xmit_buf)
+ if (!info->xmit_buf)
return 0;
spin_lock_irqsave(&info->irq_spinlock, flags);
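Review bot: The new `if (!tty) return 0;` at the top of mgsl_put_char comes with no explanation of which caller could pass a NULL tty, and the follow-up in this thread says .put_char cannot be called with one, so the check is dead code; dropping `!tty` from the later `if (!tty || !info->xmit_buf)` is enough. The other half of the hunk is a separate matter: moving mgsl_paranoia_check(info, tty->name, "mgsl_put_char") above the debug printk means info->device_name is no longer read before info has been checked, and that reordering could be split into its own patch with its own justification.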
@@ -2111,17 +2116,22 @@ static int mgsl_write(struct tty_struct * tty,
const unsigned char *buf, int count)
{
int c, ret = 0;
- struct mgsl_struct *info = tty->driver_data;
+ struct mgsl_struct *info;
unsigned long flags;
+ if (!tty)
+ return 0;
+
+ info = tty->driver_data;
+
+ if (mgsl_paranoia_check(info, tty->name, "mgsl_write"))
+ return 0;
+
if ( debug_level >= DEBUG_LEVEL_INFO )
printk( "%s(%d):mgsl_write(%s) count=%d\n",
__FILE__,__LINE__,info->device_name,count);
-
- if (mgsl_paranoia_check(info, tty->name, "mgsl_write"))
- goto cleanup;
- if (!tty || !info->xmit_buf)
+ if (!info->xmit_buf)
goto cleanup;
if ( info->params.mode == MGSL_MODE_HDLC ||
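Review bot: In mgsl_write the paranoia-check failure path changes from `goto cleanup` to `return 0` while the `!info->xmit_buf` path just below still uses `goto cleanup`, and nothing in the code says why the two exits differ. The changelog gives the reason (the cleanup label dereferences info), so a one-line comment at the `return 0` would keep a later tidy-up from folding the two exits back together. The added `if (!tty) return 0;` also needs a sentence in the changelog on how .write could ever see a NULL tty; without one it reads as dead code.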
--
1.6.5.7
* Re: [PATCH 1/1] Char: synclink, fix potential null dereference
2010-01-10 8:51 [PATCH 1/1] Char: synclink, fix potential null dereference Jiri Slaby
@ 2010-01-10 11:23 ` Jiri Slaby
2010-01-10 11:30 ` [PATCH 1/1] Char: synclink, remove unnecessary checks Jiri Slaby
0 siblings, 1 reply; 3+ messages in thread
From: Jiri Slaby @ 2010-01-10 11:23 UTC
Cc: gregkh, akpm, linux-kernel, Alan Cox
On 01/10/2010 09:51 AM, Jiri Slaby wrote:
> Stanse found a potential null dereference in mgsl_put_char and
> mgsl_write. There is a check for tty being NULL, but it is
> dereferenced earlier. Move the dereference after the check.
>
> Also reorder mgsl_paranoia_check so that it makes sense:
> * check !tty
> * deref tty
> * check !info
> * deref info
Actually, this is wrong, .write and .put_char cannot be called with NULL
tty.
--
js
* [PATCH 1/1] Char: synclink, remove unnecessary checks
2010-01-10 11:23 ` Jiri Slaby
@ 2010-01-10 11:30 ` Jiri Slaby
0 siblings, 0 replies; 3+ messages in thread
From: Jiri Slaby @ 2010-01-10 11:30 UTC
To: gregkh; +Cc: linux-kernel, jirislaby, Andrew Morton, Alan Cox
Stanse found a potential null dereference in mgsl_put_char and
mgsl_write. There is a check for tty being NULL, but it is
dereferenced earlier.

Actually, tty cannot be NULL in .write and .put_char, so remove
the tests.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Greg Kroah-Hartman <gregkh@suse.de>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Alan Cox <alan@linux.intel.com>
---
drivers/char/synclink.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/drivers/char/synclink.c b/drivers/char/synclink.c
index 4846b73..0658fc5 100644
--- a/drivers/char/synclink.c
+++ b/drivers/char/synclink.c
@@ -2031,7 +2031,7 @@ static int mgsl_put_char(struct tty_struct *tty, unsigned char ch)
if (mgsl_paranoia_check(info, tty->name, "mgsl_put_char"))
return 0;
- if (!tty || !info->xmit_buf)
+ if (!info->xmit_buf)
return 0;
spin_lock_irqsave(&info->irq_spinlock, flags);
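Review bot: The changelog still opens with the Stanse null-dereference report, but in mgsl_put_char this hunk only drops `!tty` from a test that runs after tty->name has already been read in the mgsl_paranoia_check call above it; the description would be clearer if it said this is dead-check removal only and named what guarantees a non-NULL tty in .put_char. The first version of this patch also moved mgsl_paranoia_check ahead of the debug printk that reads info->device_name; that reordering is not carried over here and may deserve a separate patch.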
@@ -2121,7 +2121,7 @@ static int mgsl_write(struct tty_struct * tty,
if (mgsl_paranoia_check(info, tty->name, "mgsl_write"))
goto cleanup;
- if (!tty || !info->xmit_buf)
+ if (!info->xmit_buf)
goto cleanup;
if ( info->params.mode == MGSL_MODE_HDLC ||
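Review bot: The unchanged context in mgsl_write still has `goto cleanup` on mgsl_paranoia_check failure, and the first version's changelog in this thread says the cleanup label dereferences info; if the paranoia check can fail because info is NULL, that jump is itself a NULL dereference and the `return 0` from the first version should be kept here. Removing `!tty` from `if (!tty || !info->xmit_buf)` is fine on its own, since tty->name is already read in the call above.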
--
1.6.5.7