LinuxLists.cc - [PATCH] can: etas_es58x: Add check for alloc_can_err

2023-09-01 10:53:29

Subject: [PATCH] can: etas_es58x: Add check for alloc_can_err_skb

Add check for the return value of alloc_can_err_skb in order to
avoid NULL pointer dereference.

Fixes: 8537257874e9 ("can: etas_es58x: add core support for ETAS ES58X CAN USB interfaces")
Signed-off-by: Jiasheng Jiang <[email protected]>
---
drivers/net/can/usb/etas_es58x/es58x_core.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
index 0c7f7505632c..d694cb22d9f4 100644
--- a/drivers/net/can/usb/etas_es58x/es58x_core.c
+++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
@@ -680,6 +680,8 @@ int es58x_rx_err_msg(struct net_device *netdev, enum es58x_err error,
}

skb = alloc_can_err_skb(netdev, &cf);
+ if (!skb)
+ return -ENOMEM;

switch (error) {
case ES58X_ERR_OK: /* 0: No error */
--
2.25.1

2023-09-01 11:46:01

by Vincent MAILHOL

[permalink] [raw]

Subject: Re: [PATCH] can: etas_es58x: Add check for alloc_can_err_skb

On Fri. 1 Sept 2023 at 19:22, Jiasheng Jiang <[email protected]> wrote:
> Add check for the return value of alloc_can_err_skb in order to
> avoid NULL pointer dereference.
>
> Fixes: 8537257874e9 ("can: etas_es58x: add core support for ETAS ES58X CAN USB interfaces")
> Signed-off-by: Jiasheng Jiang <[email protected]>
> ---
> drivers/net/can/usb/etas_es58x/es58x_core.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/drivers/net/can/usb/etas_es58x/es58x_core.c b/drivers/net/can/usb/etas_es58x/es58x_core.c
> index 0c7f7505632c..d694cb22d9f4 100644
> --- a/drivers/net/can/usb/etas_es58x/es58x_core.c
> +++ b/drivers/net/can/usb/etas_es58x/es58x_core.c
> @@ -680,6 +680,8 @@ int es58x_rx_err_msg(struct net_device *netdev, enum es58x_err error,
> }
>
> skb = alloc_can_err_skb(netdev, &cf);
> + if (!skb)
> + return -ENOMEM;

NAK.

The checks on skb or cf are skipped intentionally here in order to
continue the error handling.

Later in this function, all the access to skb or cf and guarded by an:

if (cf)

And if cf is not NULL, skb is also guaranteed not to be NULL. For
further details, please refer to this commit:

https://git.kernel.org/torvalds/c/c8129487441e

Yours sincerely,
Vincent Mailhol

> switch (error) {
> case ES58X_ERR_OK: /* 0: No error */
> --
> 2.25.1
>