Re: [PATCH] compat: Fix panic caused by NULL pointer derefence in rtnl_fill_ifinfo

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jun 29, 2010 at 9:26 AM, Rajkumar Manoharan
<Rajkumar.Manoharan@xxxxxxxxxxx> wrote:
>>________________________________________
>>From: Luis R. Rodriguez [mcgrof@xxxxxxxxx]
>>Sent: Tuesday, June 29, 2010 8:51 PM
>>To: Rajkumar Manoharan
>>Cc: mcgrof@xxxxxxxxxx; linux-wireless@xxxxxxxxxxxxxxx; linux-bluetooth@xxxxxxxxxxxxxxx
>>Subject: Re: [PATCH] compat: Fix panic caused by NULL pointer derefence in      rtnl_fill_ifinfo
>
>>On Mon, Jun 28, 2010 at 11:38 PM, Rajkumar Manoharan
> <rmanoharan@xxxxxxxxxxx> wrote:
>> get stats netdev ops is blindy called for older kernels (< 2.6.29) and
>> so assigning a NULL pointer from netdev_attach_ops causes a NULL pointer
>> dereference.
>>
>> By default, netdev alloc provides an internal stats reference. So fill
>> this only if ndo_get_stats is defined.
>>
>> Signed-off-by: Rajkumar Manoharan <rmanoharan@xxxxxxxxxxx>
>> ---
>>  compat/compat-2.6.29.c |    3 ++-
>>  1 files changed, 2 insertions(+), 1 deletions(-)
>>
>> diff --git a/compat/compat-2.6.29.c b/compat/compat-2.6.29.c
>> index f94aed8..2e7e623 100644
>> --- a/compat/compat-2.6.29.c
>> +++ b/compat/compat-2.6.29.c
>> @@ -35,7 +35,8 @@ void netdev_attach_ops(struct net_device *dev,
>>        dev->change_mtu = ops->ndo_change_mtu;
>>        dev->set_mac_address = ops->ndo_set_mac_address;
>>        dev->tx_timeout = ops->ndo_tx_timeout;
>> -       dev->get_stats = ops->ndo_get_stats;
>> +       if (ops->ndo_get_stats)
>> +               dev->get_stats = ops->ndo_get_stats;
>>
>> If ops->ndo_get_stats is NULL then dev->get_stats will be set to NULL.
>> Do you know for sure this fixes something? If so can you explain how?
>> I used to have a macro that checked for not NULL and if true set the
>> callback but then later realized after Johannes poked me that this is
>> silly given that if the op is NULL you are just setting it to NULL.
>>
>> I don't see the potential crash here.
>>
>>  Luis
>
> During alloc_netdev, get_stats is set to default callback (internal_stats).
> It won't be NULL. Based on this assumption, get_stats is
> invoked blindly in rtnl_fill_ifinfo without NULL check. So either
> get_stats set with default callback or callback assigned by module.
> It shouldn't be NULL.

Fun, thanks! Patch applied, and propagated to the  linux-2.6.35.y
stable branch of compat as well.

  Luis
--
To unsubscribe from this list: send the line "unsubscribe linux-bluetooth" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Bluez Devel]     [Linux Wireless Networking]     [Linux Wireless Personal Area Networking]     [Linux ATH6KL]     [Linux USB Devel]     [Linux Media Drivers]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Big List of Linux Books]

  Powered by Linux