2006-08-03 20:13:04

by linas

[permalink] [raw]
Subject: [PATCH] pSeries hvsi char driver null pointer deref


Andrew,
Please apply.

Under certain rare circumstances, it appears that there can be
be a NULL-pointer deref when a user fiddles with terminal
emeulation programs while outpu is being sent to the console.
This patch checks for and avoids a NULL-pointer deref.

Signed-off-by: Hollis Blanchard <[email protected]>
Signed-off-by: Linas Vepstas <[email protected]>

----
drivers/char/hvsi.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

Index: linux-2.6.18-rc3-git1/drivers/char/hvsi.c
===================================================================
--- linux-2.6.18-rc3-git1.orig/drivers/char/hvsi.c 2006-08-03 14:50:00.000000000 -0500
+++ linux-2.6.18-rc3-git1/drivers/char/hvsi.c 2006-08-03 14:51:46.000000000 -0500
@@ -311,7 +311,8 @@ static void hvsi_recv_control(struct hvs
/* CD went away; no more connection */
pr_debug("hvsi%i: CD dropped\n", hp->index);
hp->mctrl &= TIOCM_CD;
- if (!(hp->tty->flags & CLOCAL))
+ /* If userland hasn't done an open(2) yet, hp->tty is NULL. */
+ if (hp->tty && !(hp->tty->flags & CLOCAL))
*to_hangup = hp->tty;
}
break;


2006-08-06 23:49:31

by Hollis Blanchard

[permalink] [raw]
Subject: Re: [PATCH] pSeries hvsi char driver null pointer deref

On Thu, 2006-08-03 at 15:13 -0500, Linas Vepstas wrote:
> Andrew,
> Please apply.
>
> Under certain rare circumstances, it appears that there can be
> be a NULL-pointer deref when a user fiddles with terminal
> emeulation programs while outpu is being sent to the console.
> This patch checks for and avoids a NULL-pointer deref.
>
> Signed-off-by: Hollis Blanchard <[email protected]>
> Signed-off-by: Linas Vepstas <[email protected]>

That email address is incorrect.

Signed-off-by: Hollis Blanchard <[email protected]>

> ----
> drivers/char/hvsi.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> Index: linux-2.6.18-rc3-git1/drivers/char/hvsi.c
> ===================================================================
> --- linux-2.6.18-rc3-git1.orig/drivers/char/hvsi.c 2006-08-03 14:50:00.000000000 -0500
> +++ linux-2.6.18-rc3-git1/drivers/char/hvsi.c 2006-08-03 14:51:46.000000000 -0500
> @@ -311,7 +311,8 @@ static void hvsi_recv_control(struct hvs
> /* CD went away; no more connection */
> pr_debug("hvsi%i: CD dropped\n", hp->index);
> hp->mctrl &= TIOCM_CD;
> - if (!(hp->tty->flags & CLOCAL))
> + /* If userland hasn't done an open(2) yet, hp->tty is NULL. */
> + if (hp->tty && !(hp->tty->flags & CLOCAL))
> *to_hangup = hp->tty;
> }
> break;
> _______________________________________________
> Linuxppc-dev mailing list
> [email protected]
> https://ozlabs.org/mailman/listinfo/linuxppc-dev