From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Hao Ge" <hao.ge@linux.dev>, <peterhuewe@gmx.de>, <jgg@ziepe.ca>
Cc: <linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>,
"Hao Ge" <gehao@kylinos.cn>
Subject: Re: [PATCH] tpm: Move dereference after NULL check in tpm_buf_check_hmac_response
Date: Mon, 15 Jul 2024 14:25:15 +0300 [thread overview]
Message-ID: <D2Q2Q4R8BZ4Q.2QZF7NM3RE9B8@kernel.org> (raw)
In-Reply-To: <20240709023337.102509-1-hao.ge@linux.dev>
On Tue Jul 9, 2024 at 5:33 AM EEST, Hao Ge wrote:
> From: Hao Ge <gehao@kylinos.cn>
>
> We shouldn't dereference "auth" until after we have checked that it is
> non-NULL.
>
> Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
> Signed-off-by: Hao Ge <gehao@kylinos.cn>
Also lacking:
Reported-by: Dan Carpenter <dan.carpenter@linaro.org>
Closes: https://lore.kernel.org/linux-integrity/3b1755a9-b12f-42fc-b26d-de2fe4e13ec2@stanley.mountain/T/#u
What is happening here is that my commit exposed pre-existing bug to
static analysis but it did not introduce a new regression. I missed
from your patch how did you ended up to your conclusions.
Please *do not* ignore the sources next time. Either explain how the bug
was found or provide the reporting source. You are essentially taking
credit and also blame from the work that you did not accomplish
yourself, which is both wrong and dishonest.
BR, Jarkko
next prev parent reply other threads:[~2024-07-15 11:25 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-09 2:33 [PATCH] tpm: Move dereference after NULL check in tpm_buf_check_hmac_response Hao Ge
2024-07-09 6:04 ` Markus Elfring
2024-07-14 15:43 ` Jarkko Sakkinen
2024-07-15 7:24 ` [PATCH v2] " Hao Ge
2024-07-15 8:29 ` [PATCH] " Hao Ge
2024-07-15 11:25 ` Jarkko Sakkinen [this message]
2024-07-15 11:52 ` James Bottomley
2024-07-16 10:06 ` Jarkko Sakkinen
2024-07-16 1:04 ` Hao Ge
2024-07-16 10:20 ` Jarkko Sakkinen
2024-07-16 10:33 ` Jarkko Sakkinen
2024-07-16 10:35 ` Jarkko Sakkinen
2024-07-16 10:57 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D2Q2Q4R8BZ4Q.2QZF7NM3RE9B8@kernel.org \
--to=jarkko@kernel.org \
--cc=gehao@kylinos.cn \
--cc=hao.ge@linux.dev \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox