Re: potential NULL dereference in sysfs_merge_group()

On Sun, 24 Oct 2010, Dan Carpenter wrote:

> Hi Alan,
> 
> There is a bug in sysfs_merge_group() where it doesn't handle a NULL
> grp parameter properly.  The only caller in the kernel passes in a valid
> grp pointer so it doesn't affect anything yet.
> 
> fs/sysfs/group.c +175 sysfs_merge_group(15)
> 	error: we previously assumed 'grp' could be null.
>    168		if (grp)
>                     ^^^
> 	assumes that grp can be NULL.
> 
>    169			dir_sd = sysfs_get_dirent(kobj->sd, NULL, grp->name);
>    170		else
>    171			dir_sd = sysfs_get(kobj->sd);
>    172		if (!dir_sd)
>    173			return -ENOENT;
>    174	
>    175		for ((i = 0, attr = grp->attrs); *attr && !error; (++i, ++attr))
>                                     ^^^^^
> 	grp is dereferenced here.
> 
>    176			error = sysfs_add_file(dir_sd, *attr, SYSFS_KOBJ_ATTR);
> 
> I'm not sure how you want to handle this.

You're right, and I'm embarrassed not to have seen it before.

Since there's no point in calling this function if there are no 
attributes, we should require that grp always be non-NULL.  The initial 
test can be removed.  The same is true for sysfs_unmerge_group().

Alan Stern
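
Added example, not part of the original thread and not kernel code: a user-space model of the merge loop quoted above, with the "grp must be non-NULL" requirement enforced once at entry instead of a partial test that the loop then ignores. The `model_*` names, the `dir_model` type and the `-EINVAL` guard are assumptions of this example; the reply itself only says the initial test can be removed.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical user-space stand-ins for the kernel types (not kernel code). */
struct attribute { const char *name; };
struct attribute_group { const char *name; struct attribute **attrs; };
struct dir_model { const char *files[8]; int count; };

/* Stand-in for sysfs_add_file(): refuses duplicate names and a full table. */
static int model_add_file(struct dir_model *dir, const struct attribute *attr)
{
	for (int i = 0; i < dir->count; i++)
		if (strcmp(dir->files[i], attr->name) == 0)
			return -EEXIST;
	if (dir->count == 8)
		return -ENOSPC;
	dir->files[dir->count++] = attr->name;
	return 0;
}

/*
 * Merge every attribute of grp into dir. The contract is checked once,
 * before any dereference, so no later line depends on a half-made
 * assumption about grp. The loop has the same shape as quoted line 175.
 */
int model_merge_group(struct dir_model *dir, const struct attribute_group *grp)
{
	struct attribute **attr;
	int error = 0;

	if (!grp || !grp->attrs)	/* assumption: reject instead of crashing */
		return -EINVAL;

	for (attr = grp->attrs; *attr && !error; ++attr)
		error = model_add_file(dir, *attr);
	return error;
}

int main(void)
{
	struct attribute a = { "power" }, b = { "wakeup" };	/* constructed sample */
	struct attribute *attrs[] = { &a, &b, NULL };
	struct attribute_group grp = { "power", attrs };
	struct dir_model dir = { { 0 }, 0 };

	return model_merge_group(&dir, &grp) || model_merge_group(&dir, NULL) != -EINVAL;
}
```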
