Date:      Thu, 20 Sep 2018 13:28:25 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 231514] Potential null pointer deference in function ffec_alloc_mbufcl (sys/dev/ffec/if_ffec.c)
Message-ID:  <bug-231514-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231514

            Bug ID: 231514
           Summary: Potential null pointer deference in function
                    ffec_alloc_mbufcl (sys/dev/ffec/if_ffec.c)
           Product: Base System
           Version: CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: yangx92@hotmail.com

Created attachment 197278
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=197278&action=edit
Patch_for_FFEC_NULL-POINTER-DEFERENCE

There is a potential null pointer dereference in function ffec_alloc_mbufcl
(sys/dev/ffec/if_ffec.c).

 798 static struct mbuf *
 799 ffec_alloc_mbufcl(struct ffec_softc *sc)
 800 {
 801         struct mbuf *m;
 802
 803         m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
 804         m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
 805
 806         return (m);
 807 }

m_getcl(how, type, flags)
Fetch an mbuf with a mbuf cluster attached to it.  If one of the allocations
fails, the entire allocation fails. This routine is the preferred way of
fetching both the mbuf and mbuf cluster together, as it avoids having to
unlock/relock between allocations.
Returns NULL on failure.

If line 803 returns NULL on failure, then there is a null pointer dereference
vulnerability.

The attachment is the proposed patch.

-- 
You are receiving this mail because:
You are the assignee for the bug.
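
The NULL check the report asks for, modeled in userspace as an added example (this is not the attached patch and not FreeBSD source). The reduced struct mbuf, the m_getcl stub, fail_next_alloc, rx_nobuf and refill_slot are constructed stand-ins so the allocation-failure path can be exercised.

```c
#include <stdlib.h>
/* Constructed userspace stand-ins for the kernel types used on line 804. */
struct mbuf {
	int m_len;
	struct { int len; } m_pkthdr;
	struct { unsigned int ext_size; } m_ext;
};
struct ffec_softc { unsigned long rx_nobuf; };	/* hypothetical drop counter */
enum { M_NOWAIT = 1, MT_DATA = 1, M_PKTHDR = 2, MCLBYTES = 2048 };
static int fail_next_alloc;			/* hypothetical fault injection */

/* Stub with the m_getcl(9) contract quoted in the report: NULL on failure. */
static struct mbuf *m_getcl(int how, short type, int flags)
{
	struct mbuf *m;
	(void)how; (void)type; (void)flags;
	if (fail_next_alloc) { fail_next_alloc = 0; return (NULL); }
	if ((m = calloc(1, sizeof(*m))) != NULL)
		m->m_ext.ext_size = MCLBYTES;
	return (m);
}

/* Hardened form: dereference m only after the M_NOWAIT allocation succeeded. */
static struct mbuf *ffec_alloc_mbufcl(struct ffec_softc *sc)
{
	struct mbuf *m;
	(void)sc;
	if ((m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR)) != NULL)
		m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
	return (m);
}

/* Hypothetical caller: on failure count the event and keep the old buffer. */
static int refill_slot(struct ffec_softc *sc, struct mbuf **slot)
{
	struct mbuf *m = ffec_alloc_mbufcl(sc);
	if (m == NULL) { sc->rx_nobuf++; return (-1); }
	free(*slot);
	*slot = m;
	return (0);
}

int main(void)
{
	struct ffec_softc sc = { 0 };
	struct mbuf *slot = NULL;
	fail_next_alloc = 1;	/* first refill fails, second succeeds */
	return !(refill_slot(&sc, &slot) == -1 && refill_slot(&sc, &slot) == 0);
}
```

Returning NULL from the allocator only moves the obligation: every caller has to test the result, as refill_slot does here.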


