Re: [PATCH] [bpf] xdp_redirect_cpu_user: Fix null pointer dereference

From: Daniel Borkmann
Date: Tue Jun 16 2020 - 09:10:35 EST

Next message: Vegard Nossum: "Re: [merged] exec-open-code-copy_string_kernel.patch removed from -mm tree"
Previous message: Miguel Ojeda: "Re: [PATCH] compiler_attributes.h: Support no_sanitize_undefined check with GCC 4"
In reply to: John Fastabend: "RE: [PATCH] [bpf] xdp_redirect_cpu_user: Fix null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 6/14/20 9:04 PM, Gaurav Singh wrote:

Memset() on the pointer right after malloc() can cause
a null pointer dereference if it failed to allocate memory.
Fix this by replacing malloc/memset with a single calloc().

Signed-off-by: Gaurav Singh <gaurav1086@xxxxxxxxx>

Squashed all three same fixes into one and pushed to bpf, thanks!

@@ -222,11 +219,9 @@ static struct datarec *alloc_record_per_cpu(void)
static struct stats_record *alloc_stats_record(void)
{
struct stats_record *rec;
- int i, size;
+ int i;
- size = sizeof(*rec) + n_cpus * sizeof(struct record);
- rec = malloc(size);
- memset(rec, 0, size);
+ rec = calloc(n_cpus + 1, sizeof(struct record));

For the record, this one is buggy, so I fixed it up as well.

if (!rec) {
fprintf(stderr, "Mem alloc error\n");
exit(EXIT_FAIL_MEM);

Thanks,
Daniel

Next message: Vegard Nossum: "Re: [merged] exec-open-code-copy_string_kernel.patch removed from -mm tree"
Previous message: Miguel Ojeda: "Re: [PATCH] compiler_attributes.h: Support no_sanitize_undefined check with GCC 4"
In reply to: John Fastabend: "RE: [PATCH] [bpf] xdp_redirect_cpu_user: Fix null pointer dereference"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]