2006-03-16 06:46:51

by Eugene Teo

Subject: [PATCH] Hamradio: Fix a NULL pointer dereference in net/hamradio/6pack.c

Pointer sp is dereferenced before NULL check.

Coverity bug #816

Signed-off-by: Eugene Teo <[email protected]>

--- linux-2.6/drivers/net/hamradio/6pack.c~ 2006-03-15 10:05:35.000000000 +0800
+++ linux-2.6/drivers/net/hamradio/6pack.c 2006-03-16 14:43:44.000000000 +0800
@@ -726,13 +726,16 @@ static void sixpack_close(struct tty_str
static int sixpack_ioctl(struct tty_struct *tty, struct file *file,
unsigned int cmd, unsigned long arg)
{
- struct sixpack *sp = sp_get(tty);
- struct net_device *dev = sp->dev;
+ struct sixpack *sp;
+ struct net_device *dev;
unsigned int tmp, err;

if (!sp)
return -ENXIO;

+ sp = sp_get(tty);
+ dev = sp->dev;
+
switch(cmd) {
case SIOCGIFNAME:
err = copy_to_user((void __user *) arg, dev->name,
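
Review bot: In the declarations of sixpack_ioctl(), sp is now left uninitialized, so the `if (!sp)` test that follows reads an indeterminate pointer. The added `sp = sp_get(tty);` and `dev = sp->dev;` lines then dereference the result of sp_get() with no NULL check at all. Keep the initializer `struct sixpack *sp = sp_get(tty);` where it was and move only `dev = sp->dev;` below the check.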

--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }


2006-03-16 07:10:29

by Eugene Teo

Subject: Re: [PATCH] Hamradio: Fix a NULL pointer dereference in net/hamradio/6pack.c

Eugene Teo wrote:
> Pointer sp is dereferenced before NULL check.
>
> Coverity bug #816
>
> Signed-off-by: Eugene Teo <[email protected]>

Ignore the previous patch please. Here's a resend.

--
Pointer sp is dereferenced before NULL check.

Coverity bug #816

Signed-off-by: Eugene Teo <[email protected]>

--- linux-2.6/drivers/net/hamradio/6pack.c~ 2006-03-15 10:05:35.000000000 +0800
+++ linux-2.6/drivers/net/hamradio/6pack.c 2006-03-16 15:08:43.000000000 +0800
@@ -727,12 +727,14 @@ static int sixpack_ioctl(struct tty_stru
unsigned int cmd, unsigned long arg)
{
struct sixpack *sp = sp_get(tty);
- struct net_device *dev = sp->dev;
+ struct net_device *dev;
unsigned int tmp, err;

if (!sp)
return -ENXIO;

+ dev = sp->dev;
+
switch(cmd) {
case SIOCGIFNAME:
err = copy_to_user((void __user *) arg, dev->name,
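
Review bot: The changelog does not name the function being fixed, and the subject gives the path as net/hamradio/6pack.c while the hunk is in sixpack_ioctl() in drivers/net/hamradio/6pack.c; stating both correctly makes the commit easier to find later. In the code, `dev = sp->dev;` now sits after the `if (!sp)` return, so sp is assigned, checked, and only then dereferenced. A resend like this is also easier to track with a one-line note on what changed from the first posting.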

--
1024D/A6D12F80 print D51D 2633 8DAC 04DB 7265 9BB8 5883 6DAA A6D1 2F80
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

2006-03-16 08:12:13

by David Miller

Subject: Re: [PATCH] Hamradio: Fix a NULL pointer dereference in net/hamradio/6pack.c

From: Eugene Teo <[email protected]>
Date: Thu, 16 Mar 2006 15:10:28 +0800

> Pointer sp is dereferenced before NULL check.
>
> Coverity bug #816
>
> Signed-off-by: Eugene Teo <[email protected]>

Also applied, thanks a lot.