2014-01-08 15:10:54

by Andrei Emeltchenko

Subject: [PATCH] emulator: Fix possible NULL dereference

From: Andrei Emeltchenko <[email protected]>

Move test dereference after it is checked for NULL.
---
tools/mgmt-tester.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
index c518e47..325def1 100644
--- a/tools/mgmt-tester.c
+++ b/tools/mgmt-tester.c
@@ -2646,6 +2646,14 @@ static void test_setup(const void *test_data)
const struct generic_data *test = data->test_data;
const uint16_t *cmd;

+ if (!test || !test->setup_settings) {
+ if (data->test_setup)
+ data->test_setup(data);
+ else
+ tester_setup_complete();
+ return;
+ }
+
if (test->pin) {
struct bthost *bthost = hciemu_client_get_host(data->hciemu);

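Review bot: The early return added at the top of test_setup() also fires when only test->setup_settings is NULL, so a test that sets test->pin but has no setup_settings now returns before the `if (test->pin)` block and its PIN handling is skipped. Before this change that block ran first and the setup_settings check came after it. To fix the NULL dereference without changing behaviour, guard only the pointer here, for example `if (test && test->pin)`, and leave the combined `!test || !test->setup_settings` check where it was.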
@@ -2655,14 +2663,6 @@ static void test_setup(const void *test_data)
data, NULL);
}

- if (!test || !test->setup_settings) {
- if (data->test_setup)
- data->test_setup(data);
- else
- tester_setup_complete();
- return;
- }
-
for (cmd = test->setup_settings; *cmd; cmd++) {
unsigned char simple_param[] = { 0x01 };
unsigned char discov_param[] = { 0x01, 0x00, 0x00 };
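Review bot: Removing the `!test || !test->setup_settings` check from directly above `for (cmd = test->setup_settings; *cmd; cmd++)` leaves the loop depending on a guard that now sits on the far side of the pin block. Keeping the check at this position, immediately before the loop that needs it, preserves the original ordering for tests with a pin and no setup_settings, and keeps the NULL precondition next to the `*cmd` dereference it protects. Separately, the subject prefix says "emulator:" while the only file touched is tools/mgmt-tester.c, so the prefix should name the tool.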
--
1.8.3.2



2014-01-08 15:26:05

by Johan Hedberg

Subject: Re: [PATCH] emulator: Fix possible NULL dereference

Hi Andrei,

On Wed, Jan 08, 2014, Andrei Emeltchenko wrote:
> Move test dereference after it is checked for NULL.
> ---
> tools/mgmt-tester.c | 16 ++++++++--------
> 1 file changed, 8 insertions(+), 8 deletions(-)
>
> diff --git a/tools/mgmt-tester.c b/tools/mgmt-tester.c
> index c518e47..325def1 100644
> --- a/tools/mgmt-tester.c
> +++ b/tools/mgmt-tester.c
> @@ -2646,6 +2646,14 @@ static void test_setup(const void *test_data)
> const struct generic_data *test = data->test_data;
> const uint16_t *cmd;
>
> + if (!test || !test->setup_settings) {
> + if (data->test_setup)
> + data->test_setup(data);
> + else
> + tester_setup_complete();
> + return;
> + }
> +
> if (test->pin) {
> struct bthost *bthost = hciemu_client_get_host(data->hciemu);
>
> @@ -2655,14 +2663,6 @@ static void test_setup(const void *test_data)
> data, NULL);
> }
>
> - if (!test || !test->setup_settings) {
> - if (data->test_setup)
> - data->test_setup(data);
> - else
> - tester_setup_complete();
> - return;
> - }
> -
> for (cmd = test->setup_settings; *cmd; cmd++) {
> unsigned char simple_param[] = { 0x01 };
> unsigned char discov_param[] = { 0x01, 0x00, 0x00 };

This isn't quite right since setup_settings might be NULL while pin is
non-NULL. I pushed a simpler correct fix myself.

Johan