> On Oct 8, 2022, at 2:58 PM, Chuck Lever <chuck.lever@xxxxxxxxxx> wrote: > > If a zero length is passed to kmalloc() it returns 0x10, which is > not a valid address. gss_unwrap_resp_integ() subsequently crashes > when it attempts to dereference that pointer. > > Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx> Hi, is there a plan to merge this patch, or does the fix need a different approach? > --- > net/sunrpc/auth_gss/auth_gss.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c > index a31a27816cc0..7bb247c51e2f 100644 > --- a/net/sunrpc/auth_gss/auth_gss.c > +++ b/net/sunrpc/auth_gss/auth_gss.c > @@ -1989,7 +1989,7 @@ gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred, > goto unwrap_failed; > mic.len = len; > mic.data = kmalloc(len, GFP_KERNEL); > - if (!mic.data) > + if (ZERO_OR_NULL_PTR(mic.data)) > goto unwrap_failed; > if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len)) > goto unwrap_failed; > > -- Chuck Lever
