[CHECKER] Fix "null-deref" error in khttpd

• Next message: Erik Andersen: "Re: [patch] clone_startup(), 2.5.31-A0"
• Previous message: Christoph Hellwig: "Re: [patch] clone_startup(), 2.5.31-A0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I have not tested this, but it's "obviously correct", and it
should fix a minor error reported by the Stanford checker in khttpd;
see http://marc.theaimsgroup.com/?l=linux-kernel&m=99601418013486

It was posted to the khttpd mailing list a week or so ago.
Comments welcome.
- Dan

--- linux-2.4.19-pre9/net/khttpd/security.c.orig Tue Aug 6 16:13:21 2002
+++ linux/net/khttpd/security.c Tue Aug 6 16:33:08 2002
@@ -83,22 +83,21 @@
 */
 struct file *OpenFileForSecurity(char *Filename)
 {
- struct file *filp;
+ struct file *filp = NULL;
         struct DynamicString *List;
         umode_t permission;
         
-
-
         EnterFunction("OpenFileForSecurity");
         if (Filename==NULL)
- return NULL;
+ goto out_error;
         
- if (strlen(Filename)>=256 ) return NULL; /* Sanity check */
+ if (strlen(Filename)>=256 )
+ goto out_error; /* Sanity check */
         
         /* Rule no. 1 -- No "?" characters */
 #ifndef BENCHMARK
         if (strchr(Filename,'?')!=NULL)
- return NULL;
+ goto out_error;
 
         /* Intermediate step: decode all %hex sequences */
         
@@ -106,9 +105,8 @@
 
         /* Rule no. 2 -- Must start with a "/" */
         
-
         if (Filename[0]!='/')
- return NULL;
+ goto out_error;
                 
 #endif
         /* Rule no. 3 -- Does the file exist ? */
@@ -116,55 +114,44 @@
         filp = filp_open(Filename, O_RDONLY, 0);
         
         if (IS_ERR(filp))
- return NULL;
+ goto out_error;
 
 #ifndef BENCHMARK
         permission = filp->f_dentry->d_inode->i_mode;
         
         /* Rule no. 4 : must have enough permissions */
         
-
         if ((permission & sysctl_khttpd_permreq)==0)
- {
- if (filp!=NULL)
- fput(filp);
- filp=NULL;
- return NULL;
- }
-
+ goto out_error_put;
+
         /* Rule no. 5 : cannot have "forbidden" permission */
         
-
         if ((permission & sysctl_khttpd_permforbid)!=0)
- {
- if (filp!=NULL)
- fput(filp);
- filp=NULL;
- return NULL;
- }
+ goto out_error_put;
                 
         /* Rule no. 6 : No string in DynamicList can be a
                         substring of the filename */
-
         
         List = DynamicList;
-
         while (List!=NULL)
         {
                 if (strstr(Filename,List->value)!=NULL)
- {
- if (filp!=NULL)
- fput(filp);
- filp=NULL;
- return NULL;
- }
+ goto out_error_put;
+
                 List = List->Next;
         }
         
 #endif
         LeaveFunction("OpenFileForSecurity - success");
-
+out:
         return filp;
+
+out_error_put:
+ fput(filp);
+out_error:
+ filp=NULL;
+ LeaveFunction("OpenFileForSecurity - fail");
+ goto out;
 }
 
 /*
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

• Next message: Erik Andersen: "Re: [patch] clone_startup(), 2.5.31-A0"
• Previous message: Christoph Hellwig: "Re: [patch] clone_startup(), 2.5.31-A0"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Thu Aug 15 2002 - 22:00:32 EST