[PATCH] Check the value of doi before referencing it

[PATCH] Check the value of doi before referencing it

[Huzaifa Sidhpurwala]

Value of doi is not checked before referencing it.
Though this does not cause any null pointer dereference since
all the callers of cipso_v4_doi_add check the value of doi
before calling the function, but it would be a good programming
practice to do so anyways :)

Signed-off-by: Huzaifa Sidhpurwala <huzaifas@redhat.com>
---
 net/ipv4/cipso_ipv4.c |    9 ++++++---
 1 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/net/ipv4/cipso_ipv4.c b/net/ipv4/cipso_ipv4.c
index a0af7ea..7adc4ea 100644
--- a/net/ipv4/cipso_ipv4.c
+++ b/net/ipv4/cipso_ipv4.c
@@ -473,10 +473,13 @@ int cipso_v4_doi_add(struct cipso_v4_doi *doi_def,
 	u32 doi_type;
 	struct audit_buffer *audit_buf;
 
-	doi = doi_def->doi;
-	doi_type = doi_def->type;
+	if (doi_def) {
+		doi = doi_def->doi;
+		doi_type = doi_def->type;
+	} else
+	goto doi_add_return;
 
-	if (doi_def == NULL || doi_def->doi == CIPSO_V4_DOI_UNKNOWN)
+	if (doi_def->doi == CIPSO_V4_DOI_UNKNOWN)
 		goto doi_add_return;
 	for (iter = 0; iter < CIPSO_V4_TAG_MAXCNT; iter++) {
 		switch (doi_def->tags[iter]) {
-- 
1.7.1

Re: [PATCH] Check the value of doi before referencing it

[David Miller]

From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
Date: Wed, 18 May 2011 09:59:40 +0530

> Value of doi is not checked before referencing it.
> Though this does not cause any null pointer dereference since
> all the callers of cipso_v4_doi_add check the value of doi
> before calling the function, but it would be a good programming
> practice to do so anyways :)
> 
> Signed-off-by: Huzaifa Sidhpurwala <huzaifas@redhat.com>

I don't think we should fix bugs that do not exist.

Re: [PATCH] Check the value of doi before referencing it

[Paul Moore]

On Wednesday, May 18, 2011 1:04:53 AM David Miller wrote:
> From: Huzaifa Sidhpurwala <huzaifas@redhat.com>
> Date: Wed, 18 May 2011 09:59:40 +0530
> 
> > Value of doi is not checked before referencing it.
> > Though this does not cause any null pointer dereference since
> > all the callers of cipso_v4_doi_add check the value of doi
> > before calling the function, but it would be a good programming
> > practice to do so anyways :)
> > 
> > Signed-off-by: Huzaifa Sidhpurwala <huzaifas@redhat.com>
> 
> I don't think we should fix bugs that do not exist.

I agree with David.

If there were a large number of callers or cipso_v4_doi_add() was a more 
general function there might be some merit in performing more sanity checks on 
the values passed to the function.  However, as it stands, cipso_v4_doi_add() 
is a fairly specialized function which is called by a small number of 
functions all of which are internal to NetLabel.

--
paul moore
linux @ hp