Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[patch] afs: potential null dereference

0 views
Skip to first unread message

Dan Carpenter

unread,
Mar 20, 2010, 7:30:02 AM3/20/10
to
It seems clear from the surrounding code that xpermits is allowed to be
NULL here.

Signed-off-by: Dan Carpenter <err...@gmail.com>

diff --git a/fs/afs/security.c b/fs/afs/security.c
index 3ef5043..bb4ed14 100644
--- a/fs/afs/security.c
+++ b/fs/afs/security.c
@@ -189,8 +189,9 @@ void afs_cache_permit(struct afs_vnode *vnode, struct key *key, long acl_order)
if (!permits)
goto out_unlock;

- memcpy(permits->permits, xpermits->permits,
- count * sizeof(struct afs_permit));
+ if (xpermits)
+ memcpy(permits->permits, xpermits->permits,
+ count * sizeof(struct afs_permit));

_debug("key %x access %x",
key_serial(key), vnode->status.caller_access);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majo...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

David Howells

unread,
Mar 22, 2010, 8:10:02 AM3/22/10
to
Dan Carpenter <err...@gmail.com> wrote:

> It seems clear from the surrounding code that xpermits is allowed to be
> NULL here.

Interesting. The memcpy() won't oops due to this because if it is given a
NULL pointer, it will also be given a zero count. I wonder if this means the
if-statement your patch adds is actually unnecessary...

David

Dan Carpenter

unread,
Mar 22, 2010, 9:00:02 AM3/22/10
to
On Mon, Mar 22, 2010 at 12:05:20PM +0000, David Howells wrote:
> Dan Carpenter <err...@gmail.com> wrote:
>
> > It seems clear from the surrounding code that xpermits is allowed to be
> > NULL here.
>
> Interesting. The memcpy() won't oops due to this because if it is given a
> NULL pointer, it will also be given a zero count. I wonder if this means the
> if-statement your patch adds is actually unnecessary...
>

I was concerned about the dereference here:

+ if (xpermits)
+ memcpy(permits->permits, xpermits->permits,

^^^^^^^^^^^^^^^^^


+ count * sizeof(struct afs_permit));

This code has been there for three years, so yeah, you would think if it
were a problem someone would have complained. My theory was "xpermits"
was almost always non-null.

regards,
dan carpenter

David Howells

unread,
Mar 22, 2010, 9:10:02 AM3/22/10
to
Dan Carpenter <err...@gmail.com> wrote:

> I was concerned about the dereference here:
>
> + if (xpermits)
> + memcpy(permits->permits, xpermits->permits,
> ^^^^^^^^^^^^^^^^^
> + count * sizeof(struct afs_permit));

That's a good point - in which case your patch should definitely go in.

0 new messages