[Openipmi-developer] [PATCH] ipmi: ssif: potential NULL dereference in msg_done_handler()

Haowen Bai Fri, 01 Apr 2022 05:49:06 -0700

msg could be null without checking null and return, but still dereference
msg->rsp[2] and will lead to a null pointer trigger.


Signed-off-by: Haowen Bai <baihao...@meizu.com>
---
 drivers/char/ipmi/ipmi_ssif.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/char/ipmi/ipmi_ssif.c b/drivers/char/ipmi/ipmi_ssif.c
index f199cc1..9383de3 100644
--- a/drivers/char/ipmi/ipmi_ssif.c
+++ b/drivers/char/ipmi/ipmi_ssif.c
@@ -814,7 +814,7 @@ static void msg_done_handler(struct ssif_info *ssif_info, 
int result,
                break;
 
        case SSIF_GETTING_EVENTS:
-               if ((result < 0) || (len < 3) || (msg->rsp[2] != 0)) {
+               if ((result < 0) || (len < 3) || (msg && (msg->rsp[2] != 0))) {
                        /* Error getting event, probably done. */
                        msg->done(msg);
 
-- 
2.7.4



_______________________________________________
Openipmi-developer mailing list
Openipmi-developer@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openipmi-developer

[Openipmi-developer] [PATCH] ipmi: ssif: potential NULL dereference in msg_done_handler()

Reply via email to