Re: [PATCH] net: core: Fix possible null-pointer dereference in failover_slave_register()

From: Jakub Kicinski
Date: Tue Aug 10 2021 - 11:04:09 EST


On Tue, 10 Aug 2021 02:18:00 -0700 Tuo Li wrote:
> The variable fops is checked in:
> if (fops && fops->slave_pre_register &&
> fops->slave_pre_register(slave_dev, failover_dev))
>
> This indicates that it can be NULL.
> However, it is dereferenced when calling netdev_rx_handler_register():
> err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
> failover_dev);
>
> To fix this possible null-pointer dereference, check fops first, and if
> it is NULL, assign -EINVAL to err.

The other fops checks look like defensive programming. I don't see
anywhere where fops would be cleared, and all callers pass it to
register().