Re: [GIT PULL] Fix for Integrity subsystem null pointer deref

From: Dan Carpenter
Date: Wed Oct 29 2014 - 14:36:32 EST

On Wed, Oct 29, 2014 at 09:23:45AM -0700, Andy Lutomirski wrote:
> I have no idea what the semantics are. All I'm saying is that it
> looks like the code still accesses memory past the end of the buffer.
> The buffer isn't a null pointer, so the symptom is different, but it
> may still be a security bug.
> --Andy

It only reads one byte into the struct "xattr_data->type" so checking
for non-zero is sufficient and the patch is fine.

I fixed that exact same bug in lustre last week where the xattr size is
not zero but it's less than the size of the struct. So this seems like
maybe it could be a common anti-pattern though.

dan carpenter

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at