Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp3433929pxb; Mon, 4 Apr 2022 16:53:25 -0700 (PDT) X-Google-Smtp-Source: ABdhPJwL09wX5e/7Nmlr5qHX3YHEhFjYFP0Pjda0M1XF0V2QwJug8ed8YONho4cHnCtM+kB9PMEq X-Received: by 2002:a63:354f:0:b0:398:4ead:866e with SMTP id c76-20020a63354f000000b003984ead866emr563131pga.322.1649116405504; Mon, 04 Apr 2022 16:53:25 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1649116405; cv=none; d=google.com; s=arc-20160816; b=dn/rZH9+F5Wg6/Ga13WyoVXsbbbIIlPxJv6uj00V0chb3+xfHqXmG4N8HfImoDzEls kn6Vor7KvaNeWsdljwFk1WvYVjgJ2r/Mote3h9grzhtVW+G8VsQ85LSXZGH7248UE72N 0wbezvBgJTg6aejxbpz2GxZF8IA7ZLg5MZ+QynHsadWfPp6n34VtQMGu3Su195U7dhZX Dmq5IKgW/MsWSYbvf6mFuymIlPAS48AoFfMnDG5+Nige7Z9GtG99BcK+3BOYvzKP2+zE 4gkgXQARU8ojzuRtchXBlrglODUMh67rNdMV1SsMOYvrvHGGqnbmyAk4Z/geXnJvhDFV TduQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=LImEOxfyIPGlQbCQpplXE60DtSoSNNxE1+4gEbrz2CE=; b=SXRs0W3a+g1DQnn9kbzsaxfYg6gQwYltukXbK89yD5rXi5RfDWD160UMJwv0TShn1r tVfOfPCLdJEH243XNuVN7vkHVl0rfwFe66rHAr9L3BNyfoCxVh4w9NUQE+dRbHO15oLt FF8EhuPiJdyKWqU4dFgTChsdIVfzNTCWmNg3A01up4ybsWU8V5VHnlN7xY3ZnogAbheq i9CLXh6ZCeH2KFO4Y3tAlPMjY7k85aCVC9jOiIB+Bfo2UBsdCc23PDpvLZwYsAWT2ptW 30uwB3CQOlg89APowMbn6A7y/nkS5+XM5rnvsH+NX2/+OlIjtHDsKUGo6a095EeqaUBM yqjg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cs2hIo1S; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net. [23.128.96.19]) by mx.google.com with ESMTPS id u12-20020a056a00158c00b004fafbbff888si11158277pfk.348.2022.04.04.16.53.25 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Apr 2022 16:53:25 -0700 (PDT) Received-SPF: softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) client-ip=23.128.96.19; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=cs2hIo1S; spf=softfail (google.com: domain of transitioning linux-kernel-owner@vger.kernel.org does not designate 23.128.96.19 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by lindbergh.monkeyblade.net (Postfix) with ESMTP id F2C775E17F; Mon, 4 Apr 2022 16:36:34 -0700 (PDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1347593AbiDARLV (ORCPT + 99 others); Fri, 1 Apr 2022 13:11:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54818 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S239345AbiDARLT (ORCPT ); Fri, 1 Apr 2022 13:11:19 -0400 Received: from mail-pg1-x531.google.com (mail-pg1-x531.google.com [IPv6:2607:f8b0:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BDC912A248; Fri, 1 Apr 2022 10:09:29 -0700 (PDT) Received: by mail-pg1-x531.google.com with SMTP id s72so2872381pgc.5; Fri, 01 Apr 2022 10:09:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=LImEOxfyIPGlQbCQpplXE60DtSoSNNxE1+4gEbrz2CE=; b=cs2hIo1S07860WC/5XZ0dR/RsivlP0TwpIQKBXM2BF8Q+Dfl2P62mdz0Ota8I+e9AP JaTwdeyGd/rvilDz/t2qLn4yYUmSb5kZFnt70yVrxS/cCFYlKiCL2QZAu3bVnPHkEEd4 vfKQ+Mns7K7AtAH8C6d74FxAYWIA9qp2I+snEEzOaHu5tXrHHrlEU2sowSJXA1Uq6thQ toNlRAqYsmtX8ruR4IpP1hHYcKw182FKOz6dKZhFjU81ZFIABp7DCZfeOh5z0hpQXa/X eKzvrHqo5I0KPIbJ5w8XhnVTp0HC87h2oujurqPx4O8fpKE+lSs+mtKhz7591GEkRgUQ xOTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=LImEOxfyIPGlQbCQpplXE60DtSoSNNxE1+4gEbrz2CE=; b=ItFGK/8gE+7xat4friLhBKvUHG6J2I3hH6gGk37325MewvMsIhbqIDpGBw4xuAvhem q/rcBqHGZOEhVK7xmlzQHWi1nT2CeKCXYrXrRei7QSFEiDO+jeeNp6Hs0sJt+TSGLdzL t5VMMl17czvT/ED377OP2B7a7RAx4AkYtPCR/HNbgkEzqGsUeswC4KVNQjdpm66nX8Re YtPpHv5HVnWxMY/e29QQ2zxaQW9G65bY+t5t1TrNx18mQwA/o2oGpadrRYVvkdC4q8TH VCHrv9jvugGZ7GHDU5Qg3J8jyMJVQeUz5XUONdH+7nqZbRrncIalzMzKmAREg4jBUigs rf4A== X-Gm-Message-State: AOAM531FYL66bGdUbxhFscIsOTUkp0u+CnxJ2GMlnZ5RkNn9WsZamb/c cEdHozseweAW59OEEH3smOQ= X-Received: by 2002:a62:840b:0:b0:4fa:31ae:7739 with SMTP id k11-20020a62840b000000b004fa31ae7739mr11730077pfd.6.1648832969146; Fri, 01 Apr 2022 10:09:29 -0700 (PDT) Received: from [192.168.86.235] (c-73-241-150-58.hsd1.ca.comcast.net. [73.241.150.58]) by smtp.gmail.com with ESMTPSA id bt18-20020a056a00439200b004faad3ae59esm3581968pfb.95.2022.04.01.10.09.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 01 Apr 2022 10:09:28 -0700 (PDT) Message-ID: <5d9fed4f-ff87-cb14-3c7d-8899cb3e4370@gmail.com> Date: Fri, 1 Apr 2022 10:09:26 -0700 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.6.2 Subject: Re: [PATCH] net/ipv4: fix potential NULL dereference in sisfb_post_sis300() Content-Language: en-US To: Haowen Bai , "David S. Miller" , Hideaki YOSHIFUJI , David Ahern , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org References: <1648785432-21824-1-git-send-email-baihaowen@meizu.com> From: Eric Dumazet In-Reply-To: <1648785432-21824-1-git-send-email-baihaowen@meizu.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.3 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,NICE_REPLY_A, RDNS_NONE,SPF_HELO_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 3/31/22 20:57, Haowen Bai wrote: > psin and psl could be null without checking null and return, so > we need to dereference after checking. > > Signed-off-by: Haowen Bai > --- > net/ipv4/igmp.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c > index 2ad3c7b..d400080 100644 > --- a/net/ipv4/igmp.c > +++ b/net/ipv4/igmp.c > @@ -2569,7 +2569,7 @@ int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, > copy_to_user(optval, msf, IP_MSFILTER_SIZE(0))) { > return -EFAULT; > } > - if (len && > + if (len && psl && len can not be !0 here if len was 0 psl = rtnl_dereference(pmc->sflist); if (!psl) {    count = 0; ->len == 0 > copy_to_user(&optval->imsf_slist_flex[0], psl->sl_addr, len)) > return -EFAULT; > return 0; > @@ -2608,7 +2608,7 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, > count = psl ? psl->sl_count : 0; > copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; > gsf->gf_numsrc = count; > - for (i = 0; i < copycount; i++, p++) { > + for (i = 0; i < copycount && psin && psl; i++, p++) { > struct sockaddr_storage ss; > > psin = (struct sockaddr_in *)&ss; Same here.