[systemd-devel] [PATCH] kdbus: Check for bloom parameter in "make bus" command

Ingo van Lil Sat, 29 Mar 2014 09:56:22 -0700

When handling a KDBUS_CMD_BUS_MAKE command the kernel must make sure
that the message contains a bloom parameter item to avoid a null-
pointer dereference.


Signed-off-by: Ingo van Lil <ing...@gmx.de>
---
 bus.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bus.c b/bus.c
index 8c4efda..9fea643 100644
--- a/bus.c
+++ b/bus.c
@@ -359,7 +359,7 @@ int kdbus_bus_make_user(const struct kdbus_cmd_make *make,
        if (!KDBUS_ITEMS_END(item, make->items, KDBUS_ITEMS_SIZE(make, items)))
                return -EINVAL;
 
-       if (!n)
+       if (!n || !bl)
                return -EBADMSG;
 
        if (bl->size < 8 || bl->size > KDBUS_BUS_BLOOM_MAX_SIZE)
-- 
1.9.0

_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel

[systemd-devel] [PATCH] kdbus: Check for bloom parameter in "make bus" command

Reply via email to