LinuxLists.cc - [PATCH] libertas_tf: avoid a null dereference in pointer priv

2020-05-01 17:39:39

Subject: [PATCH] libertas_tf: avoid a null dereference in pointer priv

From: Colin Ian King <[email protected]>

Currently there is a check if priv is null when calling lbtf_remove_card
but not in a previous call to if_usb_reset_dev that can also dereference
priv. Fix this by also only calling lbtf_remove_card if priv is null.

It is noteable that there don't seem to be any bugs reported that the
null pointer dereference has ever occurred, so I'm not sure if the null
check is required, but since we're doing a null check anyway it should
be done for both function calls.

Addresses-Coverity: ("Dereference before null check")
Fixes: baa0280f08c7 ("libertas_tf: don't defer firmware loading until start()")
Signed-off-by: Colin Ian King <[email protected]>
---
drivers/net/wireless/marvell/libertas_tf/if_usb.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/marvell/libertas_tf/if_usb.c b/drivers/net/wireless/marvell/libertas_tf/if_usb.c
index 25ac9db35dbf..bedc09215088 100644
--- a/drivers/net/wireless/marvell/libertas_tf/if_usb.c
+++ b/drivers/net/wireless/marvell/libertas_tf/if_usb.c
@@ -247,10 +247,10 @@ static void if_usb_disconnect(struct usb_interface *intf)

lbtf_deb_enter(LBTF_DEB_MAIN);

- if_usb_reset_device(priv);
-
- if (priv)
+ if (priv) {
+ if_usb_reset_device(priv);
lbtf_remove_card(priv);
+ }

/* Unlink and free urb */
if_usb_free(cardp);
--
2.25.1

2020-05-06 08:45:59

by Kalle Valo

[permalink] [raw]

Subject: Re: [PATCH] libertas_tf: avoid a null dereference in pointer priv

Colin King <[email protected]> wrote:

> From: Colin Ian King <[email protected]>
>
> Currently there is a check if priv is null when calling lbtf_remove_card
> but not in a previous call to if_usb_reset_dev that can also dereference
> priv. Fix this by also only calling lbtf_remove_card if priv is null.
>
> It is noteable that there don't seem to be any bugs reported that the
> null pointer dereference has ever occurred, so I'm not sure if the null
> check is required, but since we're doing a null check anyway it should
> be done for both function calls.
>
> Addresses-Coverity: ("Dereference before null check")
> Fixes: baa0280f08c7 ("libertas_tf: don't defer firmware loading until start()")
> Signed-off-by: Colin Ian King <[email protected]>

Patch applied to wireless-drivers-next.git, thanks.

049ceac308b0 libertas_tf: avoid a null dereference in pointer priv

--
https://patchwork.kernel.org/patch/11523055/

https://wireless.wiki.kernel.org/en/developers/documentation/submittingpatches