Re: [PATCH] net: bridge: fix potential null pointer dereference on return from br_port_get_rtnl()
From: Stephen Hemminger
Date: Thu Jun 21 2018 - 19:21:26 EST
On Fri, 22 Jun 2018 07:20:56 +0900 (KST)
David Miller <davem@xxxxxxxxxxxxx> wrote:
> From: Garry McNulty <garrmcnu@xxxxxxxxx>
> Date: Thu, 21 Jun 2018 21:14:27 +0100
>
> > br_port_get_rtnl() can return NULL if the network device is not a bridge
> > port (IFF_BRIDGE_PORT flag not set). br_port_slave_changelink() and
> > br_port_fill_slave_info() callbacks dereference this pointer without
> > checking. Currently this is not a problem because slave devices always
> > set this flag. Add null check in case these conditions ever change.
> >
> > Detected by CoverityScan, CID 1339613 ("Dereference null return value")
> >
> > Signed-off-by: Garry McNulty <garrmcnu@xxxxxxxxx>
>
> I don't think this is reasonable.
>
> The bridge code will never, ever, install a slave that doesn't have
> that bit set. It's the most fundamental aspect of how these objects
> are managed.
Agree with dave. Workarounds for static tools are ok if they don't introduce
other paths. But if your fix introduces another error path which can never
be reached, it is hurting not helping.