[PATCH] KEYS: fix dereferencing NULL payload with nonzero length
David Howells
dhowells at redhat.com
Mon Apr 3 19:20:44 UTC 2017
Eric Biggers <ebiggers3 at gmail.com> wrote:
> > > - if (_payload) {
> > > + if (plen) {
> >
> > "if (_payload && plen)" would be better.
> >
> > David
>
> No, that doesn't solve the problem. The problem is that userspace can pass
> in a NULL payload with nonzero length, causing the kernel to dereference a
> NULL pointer for some key types. For example:
Okay, in that case, I think there should be an else-statement that clears plen
if !_payload.
David
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list