Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp1019979pxb;
        Fri, 1 Apr 2022 02:19:14 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzrmZtNc8w/X7iStSqUcxEO0mZ5lTpJkses7ccoXRlxGoVjr1S3ekr8B+kb43/2g0Mjh4cO
X-Received: by 2002:a17:906:e8b:b0:6e1:2387:35ef with SMTP id p11-20020a1709060e8b00b006e1238735efmr8470182ejf.583.1648804754074;
        Fri, 01 Apr 2022 02:19:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1648804754; cv=none;
        d=google.com; s=arc-20160816;
        b=VaZO8WF6G99WusxqN3P0un29L5cQx7YaET97xsg4DhvH3+N60DYdljS3wpSugRTCAf
         fh2KhWr9ADuzm5OgJhyTlb4YwlcyqwOJEruB5Il4a7RxN4JmSIUO8Y+RH65AsPC9ZBkD
         Q/O1IPoKeN+1c+jnuUdXzaRwx2ZQvn2/NmiBJ7q0i/NVwNkGwN67AajGHeA+cqWxf9dk
         dCbcfFZx6ge3reUCqrUW8T3ZF1su61p5Zjc9KK5uwm5H+akWTpdk3OpKLYl1VHFJs3wk
         T9ZhPGaFilfyW1yg6Vz4/KX9ZLgLsLz298GF0JFBG2G6QjLJYCjiJ15cZ4X2SV/1C8IH
         q1Ng==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from;
        bh=bFvBLpqkqlRXwWDW59OkCT9VI4KYPrpQgJneiLCGO6g=;
        b=fXClNGxjslDcV30m1Enj3bt4TCYiRl2bOjkW+Zj7JhYnA9kRX29+rYI1T9uyGs0Br9
         ts1Fn4N6e/3MdLEz1dtpHgYOyl6iHOZDG715TMNTUV56Z9n5toVPfb7CjJN/ChtIxDA/
         o9HNnSWY4gMtrWIyj5G3EjGDMZG43rfwLpTJy67U0Gl9l+IpvW1oMMwWwphyeNe8htp8
         rew7UfhEa2uGahcNkZ3X60Wh//4Jm6ogPonEQArJnBGUm7/Cp5hO0b/vbdK/xVhqv9Gt
         vvB5mnFmHZRWprNNMMIZdvS6/eaogZ0LbvSWq4x3qW9e6RC5HEuAVzRj5Y3im6pQeo4D
         LmAA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id t5-20020a1709060c4500b006df7e9105f2si1208328ejf.544.2022.04.01.02.18.48;
        Fri, 01 Apr 2022 02:19:14 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S244550AbiDAD3k (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Thu, 31 Mar 2022 23:29:40 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56906 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S235001AbiDAD3i (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 31 Mar 2022 23:29:38 -0400
Received: from mail.meizu.com (edge05.meizu.com [157.122.146.251])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 33C2B25EC8C
        for <linux-kernel@vger.kernel.org>; Thu, 31 Mar 2022 20:27:49 -0700 (PDT)
Received: from IT-EXMB-1-125.meizu.com (172.16.1.125) by mz-mail12.meizu.com
 (172.16.1.108) with Microsoft SMTP Server (TLS) id 14.3.487.0; Fri, 1 Apr
 2022 11:27:49 +0800
Received: from meizu.meizu.com (172.16.137.70) by IT-EXMB-1-125.meizu.com
 (172.16.1.125) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14; Fri, 1 Apr
 2022 11:27:46 +0800
From:   Haowen Bai <baihaowen@meizu.com>
To:     Corey Minyard <minyard@acm.org>
CC:     Haowen Bai <baihaowen@meizu.com>,
        <openipmi-developer@lists.sourceforge.net>,
        <linux-kernel@vger.kernel.org>
Subject: [PATCH] ipmi: ssif: potential NULL dereference in msg_done_handler()
Date:   Fri, 1 Apr 2022 11:27:45 +0800
Message-ID: <1648783665-19237-1-git-send-email-baihaowen@meizu.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [172.16.137.70]
X-ClientProxiedBy: IT-EXMB-1-124.meizu.com (172.16.1.124) To
 IT-EXMB-1-125.meizu.com (172.16.1.125)
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,KHOP_HELO_FCRDNS,
        SPF_HELO_NONE,SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

msg could be null without checking null and return, but still dereference
msg->rsp[2] and will lead to a null pointer trigger.

Signed-off-by: Haowen Bai <baihaowen@meizu.com>
---
 drivers/char/ipmi/ipmi_ssif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index f199cc1..9383de3 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -814,7 +814,7 @@ static void msg_done_handler(struct ssif_info *ssif_info, int result,
 		break;
 
 	case SSIF_GETTING_EVENTS:
-		if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
+		if ((result < 0) || (len < 3) || (msg && (msg->rsp[2] != 0))) {
 			/* Error getting event, probably done. */
 			msg->done(msg);
 
-- 
2.7.4