Hi Chuck, On Wed, Oct 19, 2022 at 11:50 AM Chuck Lever III <chuck.lever@xxxxxxxxxx> wrote: > > > > > On Oct 8, 2022, at 2:58 PM, Chuck Lever <chuck.lever@xxxxxxxxxx> wrote: > > > > If a zero length is passed to kmalloc() it returns 0x10, which is > > not a valid address. gss_unwrap_resp_integ() subsequently crashes > > when it attempts to dereference that pointer. > > > > Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx> > > Hi, is there a plan to merge this patch, or does the fix need > a different approach? Thanks for following up. I'm planning to include it in my next bugfixes pull request. Anna > > > > --- > > net/sunrpc/auth_gss/auth_gss.c | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/net/sunrpc/auth_gss/auth_gss.c b/net/sunrpc/auth_gss/auth_gss.c > > index a31a27816cc0..7bb247c51e2f 100644 > > --- a/net/sunrpc/auth_gss/auth_gss.c > > +++ b/net/sunrpc/auth_gss/auth_gss.c > > @@ -1989,7 +1989,7 @@ gss_unwrap_resp_integ(struct rpc_task *task, struct rpc_cred *cred, > > goto unwrap_failed; > > mic.len = len; > > mic.data = kmalloc(len, GFP_KERNEL); > > - if (!mic.data) > > + if (ZERO_OR_NULL_PTR(mic.data)) > > goto unwrap_failed; > > if (read_bytes_from_xdr_buf(rcv_buf, offset, mic.data, mic.len)) > > goto unwrap_failed; > > > > > > -- > Chuck Lever > > >
