Re: [PATCH net] mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()

From: Ido Schimmel
Date: Tue Apr 18 2023 - 02:15:47 EST

Next message: Greg Kroah-Hartman: "Re: [PATCH] usb: typec: fix potential NULL dereference"
Previous message: Arnd Bergmann: "Re: [PATCH] media: nxp: imx8-isi: fix buiding on 32-bit"
In reply to: Nikita Zhandarovich: "[PATCH net] mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net] mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 17, 2023 at 05:07:18AM -0700, Nikita Zhandarovich wrote:
> Function mlxfw_mfa2_tlv_multi_get() returns NULL if 'tlv' in
> question does not pass checks in mlxfw_mfa2_tlv_payload_get(). This
> behaviour may lead to NULL pointer dereference in 'multi->total_len'.
> Fix this issue by testing mlxfw_mfa2_tlv_multi_get()'s return value
> against NULL.
>
> Found by Linux Verification Center (linuxtesting.org) with static
> analysis tool SVACE.
>
> Fixes: 410ed13cae39 ("Add the mlxfw module for Mellanox firmware flash process")
> Co-developed-by: Natalia Petrova <n.petrova@xxxxxxxxxx>
> Signed-off-by: Nikita Zhandarovich <n.zhandarovich@xxxxxxxxxx>

Reviewed-by: Ido Schimmel <idosch@xxxxxxxxxx>

Next message: Greg Kroah-Hartman: "Re: [PATCH] usb: typec: fix potential NULL dereference"
Previous message: Arnd Bergmann: "Re: [PATCH] media: nxp: imx8-isi: fix buiding on 32-bit"
In reply to: Nikita Zhandarovich: "[PATCH net] mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH net] mlxfw: fix null-ptr-deref in mlxfw_mfa2_tlv_next()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]