Received: by 2002:a05:6a10:206:0:0:0:0 with SMTP id 6csp1397625pxj;
        Fri, 21 May 2021 13:14:58 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJxlWnvSG5lWpiWR+8uXEARR6FJdYy9XlDaHRs1RhE7TzrUyEl8sk5eTTjTxl+l1URobmbAu
X-Received: by 2002:a05:6402:896:: with SMTP id e22mr13136402edy.256.1621628097856;
        Fri, 21 May 2021 13:14:57 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1621628097; cv=none;
        d=google.com; s=arc-20160816;
        b=CK2KX+p7GBgtH8iTTRFCGNuz7s0DXitloVDwprPa5SblhB3AJu0AorMC8s/pfa4gFi
         zAYPwErB8nkSme8vDOYvrqNtrLjaIDgMHl0ZTZ0Zv4KF7vMkkYxmkp2p5MILoMWozvTN
         cSZLQfEb7qR0YFYGNgZjtfvJeeiEhO2MTF2TTMRN+4t20+6X6xcSGYwjFAVmWczfFYeT
         aJxsC6SQz580HCqfjzN8sTtXst3EnbScJ1/wxNkbRVTzw6/oXWAyKWBWiqA7+rbyEMoK
         H2vHCm1itq/m5vwjBGQqO7pwOtiow3UkLQuDVZcnoyoZyBBAPh2e6RFHT+d+uodtQfsM
         3ExA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=TkFPdFD5qDQ09hMthZWQz0spWts+LLkQAq9Lh4bE9eA=;
        b=ST+WYpzSDxnLil6fiHFGyNgXx17RueAjb4z+UobABZJzQnOmM1lLmebwit3pdzYrVe
         kHGN691FM2gTQgxKmp++Tb+oKCNZhfEb7NHKCdT28oHnGbF57jELsXaAVgmsn7sR9sh7
         XQR4MTffrgRVkPcy7Z3fZcd32fZo/7aUQ7pe1gQT84PGS6hoy9Rihh9TYUTj0dui/GQR
         fhqWpSrTPzUeyHF2k6P5b1JaDzMgOokIeM1FvJJ0Iay5tyn5KftJA6dTvAjI2v8Qj10j
         WoUWK7cB4fyJ5URfqOuj2dKnYDoCJIjMktDIvQpTaWcU0sDNw7XzvI2KkPFTFTEI6QFk
         /pYA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id bo12si5612528edb.267.2021.05.21.13.14.34;
        Fri, 21 May 2021 13:14:57 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ispras.ru
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232273AbhEULpH (ORCPT <rfc822;lowstz@gmail.com> + 99 others);
        Fri, 21 May 2021 07:45:07 -0400
Received: from mail.ispras.ru ([83.149.199.84]:32918 "EHLO mail.ispras.ru"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S231377AbhEULpG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 21 May 2021 07:45:06 -0400
Received: from localhost.localdomain (unknown [10.10.2.182])
        by mail.ispras.ru (Postfix) with ESMTPS id 8083940755E0;
        Fri, 21 May 2021 11:43:40 +0000 (UTC)
From:   Evgeny Novikov <novikov@ispras.ru>
To:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Cc:     Evgeny Novikov <novikov@ispras.ru>,
        Johan Hovold <johan@kernel.org>,
        Nikolay Kyx <knv418@gmail.com>,
        Dinghao Liu <dinghao.liu@zju.edu.cn>,
        Abheek Dhawan <adawesomeguy222@gmail.com>,
        Lee Gibson <leegib@gmail.com>, linux-staging@lists.linux.dev,
        linux-kernel@vger.kernel.org, ldv-project@linuxtesting.org
Subject: [PATCH] staging: fwserial: Fix potential NULL pointer dereferences
Date:   Fri, 21 May 2021 14:43:39 +0300
Message-Id: <20210521114339.8469-1-novikov@ispras.ru>
X-Mailer: git-send-email 2.26.2
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

If fwtty_install() will be invoked with such tty->index that will be
not less than MAX_TOTAL_PORTS then fwtty_port_get() will return NULL and
fwtty_install() will either assign it to tty->driver_data or dereference
in fwtty_port_put() (if tty_standard_install() will fail). The similar
situation is with fwloop_install(). The patch fixes both cases.

Found by Linux Driver Verification project (linuxtesting.org).

Signed-off-by: Evgeny Novikov <novikov@ispras.ru>
---
 drivers/staging/fwserial/fwserial.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/drivers/staging/fwserial/fwserial.c b/drivers/staging/fwserial/fwserial.c
index 1ee6382cafc4..d0810896511e 100644
--- a/drivers/staging/fwserial/fwserial.c
+++ b/drivers/staging/fwserial/fwserial.c
@@ -1069,6 +1069,9 @@ static int fwtty_install(struct tty_driver *driver, struct tty_struct *tty)
 	struct fwtty_port *port = fwtty_port_get(tty->index);
 	int err;
 
+	if (!port)
+		return -ENODEV;
+
 	err = tty_standard_install(driver, tty);
 	if (!err)
 		tty->driver_data = port;
@@ -1082,6 +1085,9 @@ static int fwloop_install(struct tty_driver *driver, struct tty_struct *tty)
 	struct fwtty_port *port = fwtty_port_get(table_idx(tty->index));
 	int err;
 
+	if (!port)
+		return -ENODEV;
+
 	err = tty_standard_install(driver, tty);
 	if (!err)
 		tty->driver_data = port;
-- 
2.26.2