{"id":811645,"url":"http://patchwork.ozlabs.org/api/1.2/patches/811645/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/20170908150235.2931-1-colin.king@canonical.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/1.2/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170908150235.2931-1-colin.king@canonical.com>","list_archive_url":null,"date":"2017-09-08T15:02:35","name":"can: check for null sk before deferencing it via the call to sock_net","commit_ref":null,"pull_url":null,"state":"awaiting-upstream","archived":true,"hash":"0fd9ef723ffbed3e5da0b5af7dcdc6d3fdcab01f","submitter":{"id":2900,"url":"http://patchwork.ozlabs.org/api/1.2/people/2900/?format=json","name":"Colin Ian King","email":"colin.king@canonical.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/1.2/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/20170908150235.2931-1-colin.king@canonical.com/mbox/","series":[{"id":2233,"url":"http://patchwork.ozlabs.org/api/1.2/series/2233/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=2233","date":"2017-09-08T15:02:35","name":"can: check for null sk before deferencing it via the call to sock_net","version":1,"mbox":"http://patchwork.ozlabs.org/series/2233/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/811645/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/811645/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":"ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xpgY90nHJz9sBd\n\tfor <patchwork-incoming@ozlabs.org>;\n\tSat,  9 Sep 2017 01:02:53 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1754667AbdIHPCn (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tFri, 8 Sep 2017 11:02:43 -0400","from youngberry.canonical.com ([91.189.89.112]:60587 \"EHLO\n\tyoungberry.canonical.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1751166AbdIHPCm (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Fri, 8 Sep 2017 11:02:42 -0400","from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)\n\tby youngberry.canonical.com with esmtpsa\n\t(TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.76)\n\t(envelope-from <colin.king@canonical.com>)\n\tid 1dqKnj-0000fY-EZ; Fri, 08 Sep 2017 15:02:35 +0000"],"From":"Colin King <colin.king@canonical.com>","To":"Oliver Hartkopp <socketcan@hartkopp.net>,\n\tMarc Kleine-Budde <mkl@pengutronix.de>,\n\t\"David S . Miller\" <davem@davemloft.net>,\n\tlinux-can@vger.kernel.org, netdev@vger.kernel.org","Cc":"kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org","Subject":"[PATCH] can: check for null sk before deferencing it via the call\n\tto sock_net","Date":"Fri,  8 Sep 2017 16:02:35 +0100","Message-Id":"<20170908150235.2931-1-colin.king@canonical.com>","X-Mailer":"git-send-email 2.14.1","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"From: Colin Ian King <colin.king@canonical.com>\n\nThe assignment of net via call sock_net will dereference sk. This\nis performed before a sanity null check on sk, so there could be\na potential null dereference on the sock_net call if sk is null.\nFix this by assigning net after the sk null check. Also replace\nthe sk == NULL with the more usual !sk idiom.\n\nDetected by CoverityScan CID#1431862 (\"Dereference before null check\")\n\nFixes: 384317ef4187 (\"can: network namespace support for CAN_BCM protocol\")\nSigned-off-by: Colin Ian King <colin.king@canonical.com>\n---\n net/can/bcm.c | 5 +++--\n 1 file changed, 3 insertions(+), 2 deletions(-)","diff":"diff --git a/net/can/bcm.c b/net/can/bcm.c\nindex 47a8748d953a..a3791674b8ce 100644\n--- a/net/can/bcm.c\n+++ b/net/can/bcm.c\n@@ -1493,13 +1493,14 @@ static int bcm_init(struct sock *sk)\n static int bcm_release(struct socket *sock)\n {\n \tstruct sock *sk = sock->sk;\n-\tstruct net *net = sock_net(sk);\n+\tstruct net *net;\n \tstruct bcm_sock *bo;\n \tstruct bcm_op *op, *next;\n \n-\tif (sk == NULL)\n+\tif (!sk)\n \t\treturn 0;\n \n+\tnet = sock_net(sk);\n \tbo = bcm_sk(sk);\n \n \t/* remove bcm_ops, timer, rx_unregister(), etc. */\n","prefixes":[]}