Re: [PATCH] staging: speakup: fix tty-operation NULL derefs

From: Samuel Thibault
Date: Wed Jan 30 2019 - 04:54:48 EST


Johan Hovold, on Wed, 30 Jan 2019 10:49:34 +0100, wrote:
> The send_xchar() and tiocmset() tty operations are optional. Add the
> missing sanity checks to prevent user-space triggerable NULL-pointer
> dereferences.
>
> Fixes: 6b9ad1c742bf ("staging: speakup: add send_xchar, tiocmset and input functionality for tty")
> Cc: stable <stable@xxxxxxxxxxxxxxx> # 4.13
> Cc: Okash Khawaja <okash.khawaja@xxxxxxxxx>
> Cc: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>
> Signed-off-by: Johan Hovold <johan@xxxxxxxxxx>

Indeed.

Reviewed-by: Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>

> ---
> drivers/staging/speakup/spk_ttyio.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/staging/speakup/spk_ttyio.c b/drivers/staging/speakup/spk_ttyio.c
> index c92bbd05516e..005de0024dd4 100644
> --- a/drivers/staging/speakup/spk_ttyio.c
> +++ b/drivers/staging/speakup/spk_ttyio.c
> @@ -265,7 +265,8 @@ static void spk_ttyio_send_xchar(char ch)
> return;
> }
>
> - speakup_tty->ops->send_xchar(speakup_tty, ch);
> + if (speakup_tty->ops->send_xchar)
> + speakup_tty->ops->send_xchar(speakup_tty, ch);
> mutex_unlock(&speakup_tty_mutex);
> }
>
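
Review bot: In spk_ttyio_send_xchar(), the new `if (speakup_tty->ops->send_xchar)` guard turns the missing-op case into a silent no-op: the function is void and nothing is logged, so the caller cannot tell that `ch` was never sent. A short comment above the check stating that the operation is optional and that skipping it is intended, or a one-time warning on that path, would make the behaviour explicit.
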
> @@ -277,7 +278,8 @@ static void spk_ttyio_tiocmset(unsigned int set, unsigned int clear)
> return;
> }
>
> - speakup_tty->ops->tiocmset(speakup_tty, set, clear);
> + if (speakup_tty->ops->tiocmset)
> + speakup_tty->ops->tiocmset(speakup_tty, set, clear);
> mutex_unlock(&speakup_tty_mutex);
> }
>
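
Review bot: The `if (speakup_tty->ops->tiocmset)` guard in spk_ttyio_tiocmset() drops the requested `set` and `clear` bits without any trace when the op is absent, and the void function returns as if they had been applied. If callers rely on those bits taking effect, consider logging once on the skipped path or documenting at the check that a tty without this op is expected to work without them.
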
> --
> 2.20.1
>

--
Samuel
A: Because it stupidly reverses the natural reading order!
Q: But why is quoting at the end of the article so dreadful?
A: Quoting at the end of the article
Q: What is the most unpleasant thing on newsgroups?