[Bug 231514] Potential null pointer deference in function ffec_alloc_mbufcl (sys/dev/ffec/if_ffec.c)
bugzilla-noreply at freebsd.org
Thu Sep 20 13:28:28 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=231514
Bug ID: 231514
Summary: Potential null pointer deference in function
ffec_alloc_mbufcl (sys/dev/ffec/if_ffec.c)
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: yangx92 at hotmail.com
Created attachment 197278
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=197278&action=edit
Patch_for_FFEC_NULL-POINTER-DEFERENCE
There is a potential null pointer dereference in function ffec_alloc_mbufcl
(sys/dev/ffec/if_ffec.c).
798 static struct mbuf *
799 ffec_alloc_mbufcl(struct ffec_softc *sc)
800 {
801         struct mbuf *m;
802
803         m = m_getcl(M_NOWAIT, MT_DATA, M_PKTHDR);
804         m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
805
806         return (m);
807 }
m_getcl(how, type, flags)
Fetch an mbuf with a mbuf cluster attached to it. If one of the allocations
fails, the entire allocation fails. This routine is the preferred way of
fetching both the mbuf and mbuf cluster together, as it avoids having to
unlock/relock between allocations.
Returns NULL on failure.
If line 803 returns NULL on failure, then there is a null pointer dereference
vulnerability.
The attachment is the proposed patch.
--
You are receiving this mail because:
You are the assignee for the bug.
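Added example, not part of the original report and not the attached patch: a user-space model of the checked allocation pattern the report asks for, with the failure path exercised. The reduced struct mbuf, model_m_getcl(), fail_alloc, ffec_alloc_mbufcl_checked() and rx_refill_one() are stand-ins assumed for illustration, not FreeBSD kernel code.

```c
/* User-space model, not FreeBSD kernel code: struct mbuf and model_m_getcl()
 * are reduced stand-ins so the NULL handling can be compiled and run. */
#include <errno.h>
#include <stdlib.h>

#define MCLBYTES 2048                   /* cluster size used by the stand-in */
struct mbuf {
	int m_len;
	struct { int len; } m_pkthdr;
	struct { int ext_size; } m_ext;
};

static int fail_alloc;                  /* constructed knob: simulate exhaustion */

/* Stand-in for m_getcl(M_NOWAIT, ...): returns NULL on failure. */
static struct mbuf *
model_m_getcl(void)
{
	struct mbuf *m = fail_alloc ? NULL : calloc(1, sizeof(*m));
	if (m != NULL)
		m->m_ext.ext_size = MCLBYTES;
	return (m);
}

/* Checked form: test the result before touching any field of the mbuf. */
static struct mbuf *
ffec_alloc_mbufcl_checked(void)
{
	struct mbuf *m = model_m_getcl();
	if (m != NULL)
		m->m_pkthdr.len = m->m_len = m->m_ext.ext_size;
	return (m);
}

/* Hypothetical caller: an empty slot becomes an error, not a later fault. */
static int
rx_refill_one(struct mbuf **slot)
{
	*slot = ffec_alloc_mbufcl_checked();
	return (*slot == NULL ? ENOBUFS : 0);
}

int
main(void)
{
	struct mbuf *m;
	fail_alloc = 1;                 /* force the allocation-failure path */
	return (rx_refill_one(&m) == ENOBUFS ? 0 : 1);
}
```

The checked helper still returns NULL on failure, so every caller has to test the result as rx_refill_one() does here.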