Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 5f0b9f0611eef41eb77ac666a985c40e414f72ae
commit5f0b9f0611eef41eb77ac666a985c40e414f72ae[log] [tgz]
authorJia-Ju Bai <baijiaju1990@gmail.com>Tue Jul 23 18:00:15 2019 +0800
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>Mon Oct 07 18:53:17 2019 +0200
treeafe9006434ddcd29c73dd162bf8122a16fbefa07
parente703be394ef281d33e4bc33e9e4536f3794c1dab [diff]
security: smack: Fix possible null-pointer dereferences in smack_socket_sock_rcv_skb()

[ Upstream commit 3f4287e7d98a2954f20bf96c567fdffcd2b63eb9 ]

In smack_socket_sock_rcv_skb(), there is an if statement
on line 3920 to check whether skb is NULL:
    if (skb && skb->secmark != 0)

This check indicates skb can be NULL in some cases.

But on lines 3931 and 3932, skb is used:
    ad.a.u.net->netif = skb->skb_iif;
    ipv6_skb_to_auditdata(skb, &ad.a, NULL);

Thus, possible null-pointer dereferences may occur when skb is NULL.

To fix these possible bugs, an if statement is added to check skb.

These bugs are found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
1 file changed
tree: afe9006434ddcd29c73dd162bf8122a16fbefa07
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README
  35. REPORTING-BUGS