renegade-project/linux-next
2
0
Fork 0
mirror of https://github.com/edk2-porting/linux-next.git synced 2024-12-19 10:44:14 +08:00
Code
d3e6952cfb
linux-next/net
History
Vegard Nossum d3e6952cfb net/irda: fix NULL pointer dereference on memory allocation failure 
I ran into this:

    kasan: CONFIG_KASAN_INLINE enabled
    kasan: GPF could be caused by NULL-ptr deref or user memory access
    general protection fault: 0000 [#1] PREEMPT SMP KASAN
    CPU: 2 PID: 2012 Comm: trinity-c3 Not tainted 4.7.0-rc7+ #19
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
    task: ffff8800b745f2c0 ti: ffff880111740000 task.ti: ffff880111740000
    RIP: 0010:[<ffffffff82bbf066>]  [<ffffffff82bbf066>] irttp_connect_request+0x36/0x710
    RSP: 0018:ffff880111747bb8  EFLAGS: 00010286
    RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000069dd8358
    RDX: 0000000000000009 RSI: 0000000000000027 RDI: 0000000000000048
    RBP: ffff880111747c00 R08: 0000000000000000 R09: 0000000000000000
    R10: 0000000069dd8358 R11: 1ffffffff0759723 R12: 0000000000000000
    R13: ffff88011a7e4780 R14: 0000000000000027 R15: 0000000000000000
    FS:  00007fc738404700(0000) GS:ffff88011af00000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007fc737fdfb10 CR3: 0000000118087000 CR4: 00000000000006e0
    Stack:
     0000000000000200 ffff880111747bd8 ffffffff810ee611 ffff880119f1f220
     ffff880119f1f4f8 ffff880119f1f4f0 ffff88011a7e4780 ffff880119f1f232
     ffff880119f1f220 ffff880111747d58 ffffffff82bca542 0000000000000000
    Call Trace:
     [<ffffffff82bca542>] irda_connect+0x562/0x1190
     [<ffffffff825ae582>] SYSC_connect+0x202/0x2a0
     [<ffffffff825b4489>] SyS_connect+0x9/0x10
     [<ffffffff8100334c>] do_syscall_64+0x19c/0x410
     [<ffffffff83295ca5>] entry_SYSCALL64_slow_path+0x25/0x25
    Code: 41 89 ca 48 89 e5 41 57 41 56 41 55 41 54 41 89 d7 53 48 89 fb 48 83 c7 48 48 89 fa 41 89 f6 48 c1 ea 03 48 83 ec 20 4c 8b 65 10 <0f> b6 04 02 84 c0 74 08 84 c0 0f 8e 4c 04 00 00 80 7b 48 00 74
    RIP  [<ffffffff82bbf066>] irttp_connect_request+0x36/0x710
     RSP <ffff880111747bb8>
    ---[ end trace 4cda2588bc055b30 ]---

The problem is that irda_open_tsap() can fail and leave self->tsap = NULL,
and then irttp_connect_request() almost immediately dereferences it.

Cc: stable@vger.kernel.org
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-07-25 11:24:49 -07:00
..
6lowpan 6lowpan: ndisc: set invalid unicast short addr to unspec 2016-07-08 13:23:12 +02:00
9p remove lots of IS_ERR_VALUE abuses 2016-05-27 15:26:11 -07:00
802
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
appletalk appletalk: fix erroneous return value 2016-02-18 14:59:34 -05:00
atm net: add dev arg to ndo_neigh_construct/destroy 2016-07-05 09:06:28 -07:00
ax25 AX.25: Close socket connection on session completion 2016-06-18 20:55:34 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
bluetooth Bluetooth: Add debugfs fields for hardware and firmware info 2016-07-18 09:33:28 +03:00
bridge bridge: Fix incorrect re-injection of LLDP packets 2016-07-25 10:53:34 -07:00
caif caif: Remove unneeded header file 2016-06-28 05:26:14 -04:00
can can: only call can_stat_update with procfs 2016-06-23 11:23:49 +02:00
ceph libceph: use %s instead of %pE in dout()s 2016-05-30 23:00:23 +02:00
core bpf, events: fix offset in skb copy handler 2016-07-25 10:34:11 -07:00
dcb
dccp dccp: limit sk_filter trim to payload 2016-07-13 11:53:41 -07:00
decnet net: fix decnet rtnexthop parsing 2016-07-05 14:08:47 -07:00
dns_resolver KEYS: Add a facility to restrict new links into a keyring 2016-04-11 22:37:37 +01:00
dsa net: dsa: support switchdev ageing time attr 2016-07-19 19:42:01 -07:00
ethernet eth: Pull header from first fragment via eth_get_headlen 2016-02-24 13:58:05 -05:00
hsr net/hsr: Use setup_timer and mod_timer. 2016-05-16 14:00:43 -04:00
ieee802154 ieee802154: 6lowpan: fix intra pan id check 2016-07-08 13:23:12 +02:00
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2016-07-24 22:02:36 -07:00
ipv6 net: ipv6: Always leave anycast and multicast groups on link down 2016-07-25 11:15:58 -07:00
ipx
irda net/irda: fix NULL pointer dereference on memory allocation failure 2016-07-25 11:24:49 -07:00
iucv af_iucv: use paged SKBs for big inbound messages 2016-06-15 12:21:05 -07:00
kcm kcm: remove redundant -ve error check and return path 2016-07-25 11:17:16 -07:00
key
l2tp ipv6: use TOS marks from sockets for routing decision 2016-06-11 15:33:26 -07:00
l3mdev net: vrf: Implement get_saddr for IPv6 2016-06-17 21:25:29 -07:00
lapb net/lapb: tuse %*ph to dump buffers 2016-05-29 22:33:25 -07:00
llc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
mac80211 cfg80211: Add mesh peer AID setting API 2016-07-06 15:04:52 +02:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2016-03-19 10:05:34 -07:00
mpls mpls: allow routes on ipip and sit devices 2016-07-09 17:45:56 -04:00
ncsi net/ncsi: avoid maybe-uninitialized warning 2016-07-25 10:32:59 -07:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2016-07-24 22:02:36 -07:00
netlabel netlabel: fix a problem with netlbl_secattr_catmap_setrng() 2016-04-05 16:10:47 -04:00
netlink net/netlink/af_netlink.h: Remove unused structure. 2016-06-09 22:26:24 -07:00
netrom
nfc NFC: digital: Fix RTOX supervisor PDU handling 2016-07-11 02:02:03 +02:00
openvswitch netfilter: conntrack: support a fixed size of 128 distinct labels 2016-07-22 17:04:55 +02:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
phonet
qrtr Merge tag 'qcom-soc-for-4.7-2' into net-next 2016-05-17 14:11:19 -04:00
rds RDS: TCP: Enable multipath RDS for TCP 2016-07-15 11:36:58 -07:00
rfkill rfkill: Use switch to demux userspace operations 2016-04-05 10:48:53 +02:00
rose rose: limit sk_filter trim to payload 2016-07-13 11:53:40 -07:00
rxrpc rxrpc: checking for IS_ERR() instead of NULL 2016-07-15 14:16:25 -07:00
sched net/sched: Add match-all classifier hw offloading. 2016-07-24 23:11:59 -07:00
sctp sctp: also point GSO head_skb to the sk when it's available 2016-07-25 11:23:27 -07:00
sunrpc rpc: share one xps between all backchannels 2016-06-15 10:32:25 -04:00
switchdev net/switchdev: Export the same parent ID service function 2016-07-14 13:34:29 -07:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
unix Merge branch 'overlayfs-af_unix-fix' into overlayfs-linus 2016-06-12 12:05:21 +02:00
vmw_vsock vsock: make listener child lock ordering explicit 2016-06-27 10:44:46 -04:00
wimax
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
x25 net: fix a kernel infoleak in x25 module 2016-05-09 22:45:33 -04:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-05-09 15:59:24 -04:00
compat.c packet: compat support for sock_fprog 2016-06-09 23:41:03 -07:00
Kconfig net/ncsi: Resource management 2016-07-19 20:49:16 -07:00
Makefile net/ncsi: Resource management 2016-07-19 20:49:16 -07:00
socket.c fs: poll/select/recvmmsg: use timespec64 for timeout events 2016-05-19 19:12:14 -07:00
sysctl_net.c