Re: [PATCH] net/irda: fix NULL pointer dereference on memory allocation failure

2016-07-25 Thread David Miller
From: Vegard Nossum 
Date: Sat, 23 Jul 2016 07:43:50 +0200

> I ran into this:
 ...
> The problem is that irda_open_tsap() can fail and leave self->tsap = NULL,
> and then irttp_connect_request() almost immediately dereferences it.
> 
> Cc: sta...@vger.kernel.org
> Signed-off-by: Vegard Nossum 

Applied and queued up for -stable, thanks.


[PATCH] net/irda: fix NULL pointer dereference on memory allocation failure

2016-07-22 Thread Vegard Nossum
I ran into this:

kasan: CONFIG_KASAN_INLINE enabled
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault:  [#1] PREEMPT SMP KASAN
CPU: 2 PID: 2012 Comm: trinity-c3 Not tainted 4.7.0-rc7+ #19
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
task: 8800b745f2c0 ti: 88011174 task.ti: 88011174
RIP: 0010:[]  [] irttp_connect_request+0x36/0x710
RSP: 0018:880111747bb8  EFLAGS: 00010286
RAX: dc00 RBX:  RCX: 69dd8358
RDX: 0009 RSI: 0027 RDI: 0048
RBP: 880111747c00 R08:  R09: 
R10: 69dd8358 R11: 10759723 R12: 
R13: 88011a7e4780 R14: 0027 R15: 
FS:  7fc738404700() GS:88011af0() knlGS:
CS:  0010 DS:  ES:  CR0: 80050033
CR2: 7fc737fdfb10 CR3: 000118087000 CR4: 06e0
Stack:
 0200 880111747bd8 810ee611 880119f1f220
 880119f1f4f8 880119f1f4f0 88011a7e4780 880119f1f232
 880119f1f220 880111747d58 82bca542 
Call Trace:
 [] irda_connect+0x562/0x1190
 [] SYSC_connect+0x202/0x2a0
 [] SyS_connect+0x9/0x10
 [] do_syscall_64+0x19c/0x410
 [] entry_SYSCALL64_slow_path+0x25/0x25
Code: 41 89 ca 48 89 e5 41 57 41 56 41 55 41 54 41 89 d7 53 48 89 fb 48 83 c7 48 48 89 fa 41 89 f6 48 c1 ea 03 48 83 ec 20 4c 8b 65 10 <0f> b6 04 02 84 c0 74 08 84 c0 0f 8e 4c 04 00 00 80 7b 48 00 74
RIP  [] irttp_connect_request+0x36/0x710
 RSP 
---[ end trace 4cda2588bc055b30 ]---

The problem is that irda_open_tsap() can fail and leave self->tsap = NULL,
and then irttp_connect_request() almost immediately dereferences it.

Cc: sta...@vger.kernel.org
Signed-off-by: Vegard Nossum 
---
 net/irda/af_irda.c | 7 +--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index 923abd6..8d2f7c9 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1024,8 +1024,11 @@ static int irda_connect(struct socket *sock, struct 
sockaddr *uaddr,
}
 
/* Check if we have opened a local TSAP */
-   if (!self->tsap)
-   irda_open_tsap(self, LSAP_ANY, addr->sir_name);
+   if (!self->tsap) {
+   err = irda_open_tsap(self, LSAP_ANY, addr->sir_name);
+   if (err)
+   goto out;
+   }
 
/* Move to connecting socket, start sending Connect Requests */
sock->state = SS_CONNECTING;
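Review bot: the new `goto out` on error depends on an `err` variable and an `out:` label in irda_connect() that lie outside the visible context; confirm that `out:` performs the same cleanup as the function's other error paths (releasing any lock held, in particular), since this early exit now bypasses everything after the hunk. Leaving `sock->state = SS_CONNECTING` unset on failure is the right call, as the socket never got a TSAP. It is also worth checking whether any other caller of irda_open_tsap() in af_irda.c discards its return value the same way, because the same NULL `self->tsap` would then reach irttp_* functions from that path too.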
-- 
1.9.1
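The failure mode the commit message describes, as an added user-space model that is not kernel code and not part of the patch: the pre-patch connect path drops the return value of the TSAP-open routine, so an allocation failure leaves the TSAP pointer NULL and the next call dereferences it; the post-patch path propagates the error and leaves the socket state untouched. The names irda_sock, tsap_cb, open_tsap(), connect_request(), connect_before(), connect_after() and the inject_alloc_failure knob are stand-ins for the kernel's structures and functions and are assumptions of this example, not the real API.

```c
/* Added example, not kernel code: a user-space model of the af_irda bug and
 * its fix. open_tsap() stands in for irda_open_tsap(), connect_request() for
 * irttp_connect_request(), connect_before()/connect_after() for irda_connect()
 * before and after the patch. All of these names are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

enum sock_state { SS_UNCONNECTED, SS_CONNECTING };

struct tsap_cb { int connected; };

struct irda_sock {
    struct tsap_cb *tsap;   /* NULL until a local TSAP has been opened */
    enum sock_state state;
};

/* Fault-injection knob (constructed for this example): when nonzero the
 * allocation inside open_tsap() fails, as a real kmalloc() can. */
static int inject_alloc_failure;

/* Model of irda_open_tsap(): on failure returns -ENOMEM and leaves
 * self->tsap NULL, the exact state the commit message describes. */
static int open_tsap(struct irda_sock *self)
{
    struct tsap_cb *t = inject_alloc_failure ? NULL : calloc(1, sizeof *t);
    if (!t)
        return -ENOMEM;
    self->tsap = t;
    return 0;
}

/* Model of irttp_connect_request(): dereferences its tsap argument without
 * checking it, as the kernel function does a few instructions in. */
static int connect_request(struct tsap_cb *tsap)
{
    tsap->connected = 1;
    return 0;
}

/* Before the patch: the return value of open_tsap() is discarded, so a
 * failed allocation leaves self->tsap NULL and connect_request() faults.
 * Provided for reading; not driven below because it crashes when the
 * injection knob is set. */
int connect_before(struct irda_sock *self)
{
    if (!self->tsap)
        open_tsap(self);
    self->state = SS_CONNECTING;
    return connect_request(self->tsap);
}

/* After the patch: the error is returned to the caller and the socket
 * state is left as it was, so nothing downstream ever sees a NULL tsap. */
static int connect_after(struct irda_sock *self)
{
    int err;

    if (!self->tsap) {
        err = open_tsap(self);
        if (err)
            goto out;
    }
    self->state = SS_CONNECTING;
    err = connect_request(self->tsap);
out:
    return err;
}

/* Drive connect_after() on a fresh socket with or without the injected
 * allocation failure; returns the error connect() would report and, if
 * state_out is non-NULL, the resulting socket state. */
int try_connect_fixed(int fail_alloc, enum sock_state *state_out)
{
    struct irda_sock self = { .tsap = NULL, .state = SS_UNCONNECTED };
    int err;

    inject_alloc_failure = fail_alloc;
    err = connect_after(&self);
    inject_alloc_failure = 0;
    if (state_out)
        *state_out = self.state;
    free(self.tsap);
    return err;
}

/* Convenience wrapper returning only the state left behind by the fixed path. */
int state_after_connect(int fail_alloc)
{
    enum sock_state st;
    try_connect_fixed(fail_alloc, &st);
    return st;
}

int main(void)
{
    int err = try_connect_fixed(1, NULL);
    printf("alloc failure: err=%d (-ENOMEM is %d), state=%d (SS_UNCONNECTED is %d)\n",
           err, -ENOMEM, state_after_connect(1), SS_UNCONNECTED);
    err = try_connect_fixed(0, NULL);
    printf("alloc ok:      err=%d, state=%d (SS_CONNECTING is %d)\n",
           err, state_after_connect(0), SS_CONNECTING);
    return 0;
}
```

The model keeps the kernel's shape (open on demand, then dereference) so the difference is just the two lines the patch adds: with the check in place, an allocation failure surfaces to user space as -ENOMEM from connect() instead of a kernel oops.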