* Null pointer dereference in bonding driver, kernel 2.6.24
@ 2008-01-31 22:36 Chuck Ebbert
2008-01-31 22:55 ` Jay Vosburgh
0 siblings, 1 reply; 2+ messages in thread
From: Chuck Ebbert @ 2008-01-31 22:36 UTC (permalink / raw)
To: Jay Vosburgh; +Cc: Netdev
In bond_main.c:

int bond_create(char *name, struct bond_params *params, struct bonding **newbond)
{
...
	/* Check to see if the bond already exists. */
	list_for_each_entry_safe(bond, nxt, &bond_dev_list, bond_list)
		if (strnicmp(bond->dev->name, name, IFNAMSIZ) == 0) {
			printk(KERN_ERR DRV_NAME
			       ": cannot add bond %s; it already exists\n",

If 'name' is null we get a null dereference in strnicmp()

The code was added in 2.6.24.

Signed-off-by: Chuck Ebbert <cebbert@redhat.com>
---
(not even compile tested)
drivers/net/bonding/bond_main.c | 20 +++++++++++---------
1 file changed, 11 insertions(+), 9 deletions(-)
--- linux-2.6.24.noarch.orig/drivers/net/bonding/bond_main.c
+++ linux-2.6.24.noarch/drivers/net/bonding/bond_main.c
@@ -4882,15 +4882,17 @@ int bond_create(char *name, struct bond_
rtnl_lock();
down_write(&bonding_rwsem);
- /* Check to see if the bond already exists. */
- list_for_each_entry_safe(bond, nxt, &bond_dev_list, bond_list)
- if (strnicmp(bond->dev->name, name, IFNAMSIZ) == 0) {
- printk(KERN_ERR DRV_NAME
- ": cannot add bond %s; it already exists\n",
- name);
- res = -EPERM;
- goto out_rtnl;
- }
+ if (name) {
+ /* Check to see if the bond already exists. */
+ list_for_each_entry_safe(bond, nxt, &bond_dev_list, bond_list)
+ if (strnicmp(bond->dev->name, name, IFNAMSIZ) == 0) {
+ printk(KERN_ERR DRV_NAME
+ ": cannot add bond %s; it already exists\n",
+ name);
+ res = -EPERM;
+ goto out_rtnl;
+ }
+ }
bond_dev = alloc_netdev(sizeof(struct bonding), name ? name : "",
ether_setup);
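
Review bot: the new if (name) wrapper at the top of this hunk re-indents the whole duplicate-name loop (11 insertions, 9 deletions) for what is a one-condition change; testing name inside the existing condition, as in "if (name && strnicmp(bond->dev->name, name, IFNAMSIZ) == 0) {", gives the same NULL protection with a one-line diff that is easier to review. With either form a NULL name skips the duplicate check entirely and reaches alloc_netdev() as "", so a short comment stating what a NULL name means for callers of bond_create() would help. The posting also says the patch is not compile tested, which should be done before it is applied.
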
* Re: Null pointer dereference in bonding driver, kernel 2.6.24
From: Jay Vosburgh @ 2008-01-31 22:55 UTC (permalink / raw)
To: Chuck Ebbert; +Cc: Netdev
Chuck Ebbert <cebbert@redhat.com> wrote:
>In bond_main.c:
>
>int bond_create(char *name, struct bond_params *params, struct bonding **newbond)
>{
>...
> /* Check to see if the bond already exists. */
> list_for_each_entry_safe(bond, nxt, &bond_dev_list, bond_list)
> if (strnicmp(bond->dev->name, name, IFNAMSIZ) == 0) {
> printk(KERN_ERR DRV_NAME
> ": cannot add bond %s; it already exists\n",
>
>
>If 'name' is null we get a null dereference in strnicmp()
>
>The code was added in 2.6.24.

This is already fixed in netdev-2.6#upstream.

-J
---
-Jay Vosburgh, IBM Linux Technology Center, fubar@us.ibm.com