2016-03-28 16:26:17

by Colin King

[permalink] [raw]
Subject: [PATCH] platform/x86: panasonic-laptop: set pcc after null device check to avoid null pointer dereference

From: Colin Ian King <[email protected]>

acpi_pcc_hotkey_remove sanity checks to see if device is null, however,
this check is performed after we have already passed device into a call
to acpi_driver_data. If device is null, then acpi_driver_data will produce
a null pointer dereference on device. The correct action is to sanity check
device, then assign pcc, then check if pcc is null.

Signed-off-by: Colin Ian King <[email protected]>
---
drivers/platform/x86/panasonic-laptop.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/drivers/platform/x86/panasonic-laptop.c b/drivers/platform/x86/panasonic-laptop.c
index 3f87097..39c1ebc 100644
--- a/drivers/platform/x86/panasonic-laptop.c
+++ b/drivers/platform/x86/panasonic-laptop.c
@@ -651,9 +651,13 @@ out_hotkey:

static int acpi_pcc_hotkey_remove(struct acpi_device *device)
{
- struct pcc_acpi *pcc = acpi_driver_data(device);
+ struct pcc_acpi *pcc;
+
+ if (!device)
+ return -EINVAL;

- if (!device || !pcc)
+ pcc = acpi_driver_data(device);
+ if (!pcc)
return -EINVAL;

sysfs_remove_group(&device->dev.kobj, &pcc_attr_group);
--
2.7.4


2016-03-28 21:37:41

by Harald Welte

[permalink] [raw]
Subject: Re: [PATCH] platform/x86: panasonic-laptop: set pcc after null device check to avoid null pointer dereference

On Mon, Mar 28, 2016 at 05:26:12PM +0100, Colin King wrote:
> Signed-off-by: Colin Ian King <[email protected]>

Acked-by: Harald Welte <[email protected]>
--
- Harald Welte <[email protected]> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)