[PATCH][netlabel] Don't risk NULL ptr deref in netlbl_unlabel_staticlist

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH][netlabel] Don't risk NULL ptr deref in netlbl_unlabel_staticlist_gen() if ifindex not found
@ 2008-04-16 21:08 Jesper Juhl
  2008-04-16 21:21 ` Paul Moore
  0 siblings, 1 reply; 4+ messages in thread
From: Jesper Juhl @ 2008-04-16 21:08 UTC (permalink / raw)
  To: Paul Moore; +Cc: netdev, linux-kernel, David Miller, Jesper Juhl

Hi,

dev_get_by_index() may return NULL if nothing is found. In 
net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen() the 
function is called, but the return value is never checked. If it returns 
NULL then we'll deref a NULL pointer on the very next line.
I checked the callers, and I don't think this can actually happen today, 
but code changes over time and in the future it might happen and it does 
no harm to be defensive and check for the failure, so that if/when it 
happens we'll fail gracefully instead of crashing.

Please consider the patch below for inclusion.

Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
---

 netlabel_unlabeled.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 4478f2f..6af9457 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -1339,6 +1339,10 @@ static int netlbl_unlabel_staticlist_gen(u32 cmd,

 	if (iface->ifindex > 0) {
 		dev = dev_get_by_index(&init_net, iface->ifindex);
+		if (!dev) {
+			ret_val = -ENODEV;
+			goto list_cb_failure;
+		}
 		ret_val = nla_put_string(cb_arg->skb,
 					 NLBL_UNLABEL_A_IFACE, dev->name);
 		dev_put(dev);

^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH][netlabel] Don't risk NULL ptr deref in netlbl_unlabel_staticlist_gen() if ifindex not found
  2008-04-16 21:08 [PATCH][netlabel] Don't risk NULL ptr deref in netlbl_unlabel_staticlist_gen() if ifindex not found Jesper Juhl
@ 2008-04-16 21:21 ` Paul Moore
  2008-04-16 21:30   ` Jesper Juhl
  0 siblings, 1 reply; 4+ messages in thread
From: Paul Moore @ 2008-04-16 21:21 UTC (permalink / raw)
  To: Jesper Juhl; +Cc: netdev, linux-kernel, David Miller

On Wednesday 16 April 2008 5:08:58 pm Jesper Juhl wrote:
> Hi,
>
> dev_get_by_index() may return NULL if nothing is found. In
> net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen()
> the function is called, but the return value is never checked. If it
> returns NULL then we'll deref a NULL pointer on the very next line.
> I checked the callers, and I don't think this can actually happen
> today, but code changes over time and in the future it might happen
> and it does no harm to be defensive and check for the failure, so
> that if/when it happens we'll fail gracefully instead of crashing.
>
> Please consider the patch below for inclusion.
>
>
> Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>

I agree we should check for NULL here.  I checked the return of 
dev_get_by_index() in the rest of the file I must have just forgotten 
to check it here.

Thanks for finding this and fixing it.

Acked-by: Paul Moore <paul.moore@hp.com>

>
>  netlabel_unlabeled.c |    4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/net/netlabel/netlabel_unlabeled.c
> b/net/netlabel/netlabel_unlabeled.c index 4478f2f..6af9457 100644
> --- a/net/netlabel/netlabel_unlabeled.c
> +++ b/net/netlabel/netlabel_unlabeled.c
> @@ -1339,6 +1339,10 @@ static int netlbl_unlabel_staticlist_gen(u32
> cmd,
>
>  	if (iface->ifindex > 0) {
>  		dev = dev_get_by_index(&init_net, iface->ifindex);
> +		if (!dev) {
> +			ret_val = -ENODEV;
> +			goto list_cb_failure;
> +		}
>  		ret_val = nla_put_string(cb_arg->skb,
>  					 NLBL_UNLABEL_A_IFACE, dev->name);
>  		dev_put(dev);

-- 
paul moore
linux @ hp

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH][netlabel] Don't risk NULL ptr deref in netlbl_unlabel_staticlist_gen() if ifindex not found
  2008-04-16 21:21 ` Paul Moore
@ 2008-04-16 21:30   ` Jesper Juhl
  2008-04-18  6:23     ` David Miller
  0 siblings, 1 reply; 4+ messages in thread
From: Jesper Juhl @ 2008-04-16 21:30 UTC (permalink / raw)
  To: Paul Moore; +Cc: netdev, linux-kernel, David Miller

On 16/04/2008, Paul Moore <paul.moore@hp.com> wrote:
> On Wednesday 16 April 2008 5:08:58 pm Jesper Juhl wrote:
>  > Hi,
>  >
>  > dev_get_by_index() may return NULL if nothing is found. In
>  > net/netlabel/netlabel_unlabeled.c::netlbl_unlabel_staticlist_gen()
>  > the function is called, but the return value is never checked. If it
>  > returns NULL then we'll deref a NULL pointer on the very next line.
>  > I checked the callers, and I don't think this can actually happen
>  > today, but code changes over time and in the future it might happen
>  > and it does no harm to be defensive and check for the failure, so
>  > that if/when it happens we'll fail gracefully instead of crashing.
>  >
>  > Please consider the patch below for inclusion.
>  >
>  >
>  > Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
>
>
> I agree we should check for NULL here.  I checked the return of
>  dev_get_by_index() in the rest of the file I must have just forgotten
>  to check it here.
>
>  Thanks for finding this and fixing it.
>
You're welcome.

>  Acked-by: Paul Moore <paul.moore@hp.com>
>

David, will you merge this in the net tree ?

>
>  >
>  >  netlabel_unlabeled.c |    4 ++++
>  >  1 file changed, 4 insertions(+)
>  >
>  > diff --git a/net/netlabel/netlabel_unlabeled.c
>  > b/net/netlabel/netlabel_unlabeled.c index 4478f2f..6af9457 100644
>  > --- a/net/netlabel/netlabel_unlabeled.c
>  > +++ b/net/netlabel/netlabel_unlabeled.c
>  > @@ -1339,6 +1339,10 @@ static int netlbl_unlabel_staticlist_gen(u32
>  > cmd,
>  >
>  >       if (iface->ifindex > 0) {
>  >               dev = dev_get_by_index(&init_net, iface->ifindex);
>  > +             if (!dev) {
>  > +                     ret_val = -ENODEV;
>  > +                     goto list_cb_failure;
>  > +             }
>  >               ret_val = nla_put_string(cb_arg->skb,
>  >                                        NLBL_UNLABEL_A_IFACE, dev->name);
>  >               dev_put(dev);
>

-- 
Jesper Juhl <jesper.juhl@gmail.com>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH][netlabel] Don't risk NULL ptr deref in netlbl_unlabel_staticlist_gen() if ifindex not found
  2008-04-16 21:30   ` Jesper Juhl
@ 2008-04-18  6:23     ` David Miller
  0 siblings, 0 replies; 4+ messages in thread
From: David Miller @ 2008-04-18  6:23 UTC (permalink / raw)
  To: jesper.juhl; +Cc: paul.moore, netdev, linux-kernel

From: "Jesper Juhl" <jesper.juhl@gmail.com>
Date: Wed, 16 Apr 2008 23:30:10 +0200

> On 16/04/2008, Paul Moore <paul.moore@hp.com> wrote:
> >  Acked-by: Paul Moore <paul.moore@hp.com>
> >
> 
> David, will you merge this in the net tree ?

I've done that, thanks everyone.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2008-04-18  6:23 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2008-04-16 21:08 [PATCH][netlabel] Don't risk NULL ptr deref in netlbl_unlabel_staticlist_gen() if ifindex not found Jesper Juhl
2008-04-16 21:21 ` Paul Moore
2008-04-16 21:30   ` Jesper Juhl
2008-04-18  6:23     ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).