[PATCH] staging: fwserial: Fix potential NULL pointer dereferences

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If fwtty_install() will be invoked with such tty->index that will be
not less than MAX_TOTAL_PORTS then fwtty_port_get() will return NULL and
fwtty_install() will either assign it to tty->driver_data or dereference
in fwtty_port_put() (if tty_standard_install() will fail). The similar
situation is with fwloop_install(). The patch fixes both cases.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Evgeny Novikov <novikov@xxxxxxxxx>
---
 drivers/staging/fwserial/fwserial.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c
index 1ee6382cafc4..d0810896511e 100644
--- a/drivers/staging/fwserial/fwserial.c
+++ b/drivers/staging/fwserial/fwserial.c
@@ -1069,6 +1069,9 @@ static int fwtty_install(struct tty_driver *driver, struct tty_struct *tty)
 	struct fwtty_port *port = fwtty_port_get(tty->index);
 	int err;
 
+	if (!port)
+		return -ENODEV;
+
 	err = tty_standard_install(driver, tty);
 	if (!err)
 		tty->driver_data = port;
@@ -1082,6 +1085,9 @@ static int fwloop_install(struct tty_driver *driver, struct tty_struct *tty)
 	struct fwtty_port *port = fwtty_port_get(table_idx(tty->index));
 	int err;
 
+	if (!port)
+		return -ENODEV;
+
 	err = tty_standard_install(driver, tty);
 	if (!err)
 		tty->driver_data = port;
-- 
2.26.2





[Index of Archives]     [Linux Driver Development]     [Linux Driver Backports]     [DMA Engine]     [Linux GPIO]     [Linux SPI]     [Video for Linux]     [Linux USB Devel]     [Linux Coverity]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]
  Powered by Linux