[no subject]
subscribe netdev - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [2.6 patch] net/llc/llc_conn.c: fix possible NULL dereference
Randy Dunlap wrote: On Sat, 19 May 2007 13:13:07 +0800 Eugene Teo wrote: skb_peek() might return an empty list. skb should be checked before calling llc_pdu_sn_hdr() with it. Spotted by the Coverity checker. Signed-off-by: Eugene Teo [EMAIL PROTECTED] [...] Oh, and your patch has spaces instead of tabs. It's a hassle to get thunderbird to send a patch that preserves tabs. See if this: http://mbligh.org/linuxdocs/Email/Clients/Thunderbird helps you any. Here's a resend: skb_peek() might return an empty list. skb should be checked before calling llc_pdu_sn_hdr() with it. Spotted by the Coverity checker. Signed-off-by: Eugene Teo [EMAIL PROTECTED] diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c index 3b8cfbe..6d3a07e 100644 --- a/net/llc/llc_conn.c +++ b/net/llc/llc_conn.c @@ -324,6 +324,8 @@ int llc_conn_remove_acked_pdus(struct sock *sk, u8 nr, u16 *how_many_unacked) if (!q_len) goto out; skb = skb_peek(llc-pdu_unack_q); + if (!skb) + goto out; pdu = llc_pdu_sn_hdr(skb); /* finding position of last acked pdu in queue */
Re: [PATCH] getsockopt() early argument sanity checking
Willy Tarreau wrote: On Sun, Aug 20, 2006 at 02:05:20AM +0200, Michael Buesch wrote: On Sunday 20 August 2006 01:48, Willy Tarreau wrote: On Sun, Aug 20, 2006 at 03:05:32AM +0400, Solar Designer wrote: [snipped] diff --git a/net/socket.c b/net/socket.c index ac45b13..910ef88 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1307,11 +1307,17 @@ asmlinkage long sys_setsockopt(int fd, i asmlinkage long sys_getsockopt(int fd, int level, int optname, char *optval, int *optlen) { int err; + int len; struct socket *sock; if ((sock = sockfd_lookup(fd, err))!=NULL) { - if (level == SOL_SOCKET) + /* XXX: insufficient for SMP, but should be redundant anyway */ + if (get_user(len, optlen)) + err = -EFAULT; + else if (len 0) ^ s/else// + err = -EINVAL; + else if (level == SOL_SOCKET) s/else// err=sock_getsockopt(sock,level,optname,optval,optlen); else err=sock-ops-getsockopt(sock, level, optname, optval, optlen); These checks are already in getsockopt(). Duplicated code? Eugene -- eteo redhat.com ph: +65 6490 4142 http://www.kernel.org/~eugeneteo gpg fingerprint: 47B9 90F6 AE4A 9C51 37E0 D6E1 EA84 C6A2 58DF 8823 - To unsubscribe from this list: send the line unsubscribe netdev in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html