Re: [nft PATCH v2 2/4] netlink_delinearize: Avoid potential null pointer deref

Hi,

On Mon, Sep 05, 2016 at 06:52:43PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Aug 30, 2016 at 07:39:50PM +0200, Phil Sutter wrote:
> > As netlink_get_register() may return NULL, we must not pass the returned
> > data unchecked to expr_set_type() as that will dereference it. Since the
> > parser has failed at that point anyway, by returning early we can skip
> > the useless statement allocation that follows in
> > netlink_parse_ct_stmt().
> 
> I found a couple more spots, such as the payload stmt that was not
> covered by this patch.

OK. The reason I left those out was that they don't call expr_set_type()
and therefore the potential NULL pointer dereference doesn't happen
there.

> Attaching a new one based on this, looks good to you?

Acked-by: Phil Sutter <phil@xxxxxx>

> Anyway, this is very unlikely to happen: Only if we ever get more
> registers in the kernel, given that expl_clone() relies on the
> xzalloc() function that just stops execution under OOM.

Yes. The thing with Covscan is it will find very theoretical issues and
practical relevance is usually questionable (as they would likely have
been found already).

> Actually this brings an interesting issue that is that we need to
> provide a way to describe the vm capabilities so we can extend things
> in the future without breaking userspace.

Not my cup of tea luckily. :)

Thanks, Phil
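The pattern described in the patch summary above (check the register lookup for NULL before the unconditional dereference in expr_set_type(), and return early so the statement allocation that follows is skipped), shown as an added, stand-alone C example. This is not code from the thread or from nftables: the types and functions (reg_ctx, reg_get, stmt_alloc, parse_ct_stmt_fixed, the check_* helpers) are hypothetical stand-ins constructed for this illustration, and the allocation counter exists only so the effect of the early return is observable.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed toy model of the situation discussed in the thread. All names
 * here are hypothetical stand-ins, not nftables' real definitions. */

#define NUM_REGS 4
#define TYPE_CT_STATE 1

struct expr {
    int type;
};

/* Simulated register file: a slot is NULL when the earlier part of the
 * ruleset did not store an expression there. */
struct reg_ctx {
    struct expr *regs[NUM_REGS];
};

struct stmt {
    struct expr *expr;
};

/* Counts statement allocations so the early-return effect is observable. */
static int stmt_allocs;

/* Stand-in for netlink_get_register(): NULL for an unpopulated register or
 * for an index beyond what this userspace build knows about. */
static struct expr *reg_get(const struct reg_ctx *ctx, unsigned int idx)
{
    if (idx >= NUM_REGS)
        return NULL;
    return ctx->regs[idx];
}

/* Stand-in for expr_set_type(): dereferences unconditionally, so the caller
 * must never hand it NULL. */
static void expr_set_type(struct expr *e, int type)
{
    e->type = type;
}

static struct stmt *stmt_alloc(struct expr *e)
{
    struct stmt *s = calloc(1, sizeof(*s));
    if (s == NULL)
        abort();            /* like xzalloc() in the thread: stop under OOM */
    s->expr = e;
    stmt_allocs++;
    return s;
}

/* The fixed shape: look up the register, bail out before expr_set_type()
 * if it is empty, and only then allocate the statement. NULL = parse failed. */
static struct stmt *parse_ct_stmt_fixed(const struct reg_ctx *ctx, unsigned int sreg)
{
    struct expr *e = reg_get(ctx, sreg);

    if (e == NULL)
        return NULL;        /* parser already failed: no deref, no allocation */

    expr_set_type(e, TYPE_CT_STATE);
    return stmt_alloc(e);
}

/* Returns 1 when an empty register makes the parser fail without allocating. */
static int check_empty_register(void)
{
    struct reg_ctx ctx = { { NULL } };
    int before = stmt_allocs;
    return parse_ct_stmt_fixed(&ctx, 0) == NULL && stmt_allocs == before;
}

/* Returns 1 when an out-of-range register index fails the same way. */
static int check_unknown_register(void)
{
    struct reg_ctx ctx = { { NULL } };
    int before = stmt_allocs;
    return parse_ct_stmt_fixed(&ctx, NUM_REGS + 5) == NULL && stmt_allocs == before;
}

/* Returns the type stamped on the stored expression after a successful
 * parse, or -1 if the parse unexpectedly failed. */
static int check_populated_register(void)
{
    struct expr stored = { .type = 0 };
    struct reg_ctx ctx = { .regs = { [1] = &stored } };
    struct stmt *s = parse_ct_stmt_fixed(&ctx, 1);
    int result = (s != NULL) ? stored.type : -1;
    free(s);
    return result;
}

int main(void)
{
    printf("empty register rejected without alloc: %d\n", check_empty_register());
    printf("unknown register rejected without alloc: %d\n", check_unknown_register());
    printf("populated register parsed, type=%d\n", check_populated_register());
    return 0;
}
```

The point of the separate helpers is that a static analyser such as the Covscan run mentioned above reports the dereference, but the cheap observable consequence of the fix is the skipped allocation: a failed parse leaves the allocation counter untouched.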


