Re: softmac possible null deref [was: Complete report of Null dereferenceerrors in kernel 2.6.17.1]
From: Thomas Dillig
Date: Mon Jul 24 2006 - 19:58:14 EST
Either I'm misunderstanding, or this is bogus.
when *pkt is allocated by the various child functions (e.g.
ieee80211softmac_disassoc_deauth), it is always checked for NULL
before being used.
Finally, line 453 does another NULL check, so that any failures
generated above are handled appropriately.
What is the report trying to say?
Daniel
-
To unsubscribe from this list: send the line "unsubscribe
linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Hi,
At least in 2.6.17.1, the function looks as follows:
/* Create an rts/cts frame */
445 static u32
446 ieee80211softmac_rts_cts(struct ieee80211_hdr_2addr **pkt,
447 struct ieee80211softmac_device *mac, struct
ieee80211softmac_network *net,
448 u32 type)
449 {
450 /* Allocate Packet */
451 (*pkt) = kmalloc(IEEE80211_2ADDR_LEN, GFP_ATOMIC);
452 memset(*pkt, 0, IEEE80211_2ADDR_LEN); //*pkt is not checked
for NULL
453 if((*pkt) == NULL) //*pkt is checked for NULL
454 return 0;
455 ieee80211softmac_hdr_2addr(mac, (*pkt), type, net->bssid);
456 return IEEE80211_2ADDR_LEN;
457 }
The report is just trying to say that "*pkt" is dereferenced inside the
call to "memset" and checked for being null one line later.
I hope this clarifies the message,
-Tom
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/