
null pointer derefs



following is a patch which catches a few cases where a potentially null
pointer is dereferenced in the kernel.  there wasn't much i could do about
error handling, but hopefully this will be better than crashing.

ted

--
Ted -- grendel@heorot.stanford.edu -- http://heorot.stanford.edu/grendel/
Keep your vogue code that all have.   /   Tomorrow's world we've all seen.
Keep your modern ways and keep your bugs. / The metal man is here to stay.
                           - Theatre of Tragedy, "Machine"

patch for openbsd -current.
--- dev/pcmcia/pcmcia_cis_quirks.c.orig	Fri May 18 21:35:44 2001
+++ dev/pcmcia/pcmcia_cis_quirks.c	Fri May 18 21:35:54 2001
@@ -232,15 +232,18 @@

 			if (pf_last == pcmcia_cis_quirks[i].pf) {
 				cfe = malloc(sizeof(*cfe), M_DEVBUF, M_NOWAIT);
+				if(!cfe) return;
 				*cfe = *pcmcia_cis_quirks[i].cfe;

 				SIMPLEQ_INSERT_TAIL(&pf->cfe_head, cfe, cfe_list);
 			} else {
 				pf = malloc(sizeof(*pf), M_DEVBUF, M_NOWAIT);
+				if(!pf) return;
 				*pf = *pcmcia_cis_quirks[i].pf;
 				SIMPLEQ_INIT(&pf->cfe_head);

 				cfe = malloc(sizeof(*cfe), M_DEVBUF, M_NOWAIT);
+				if(!cfe) return;
 				*cfe = *pcmcia_cis_quirks[i].cfe;

 				SIMPLEQ_INSERT_TAIL(&pf->cfe_head, cfe, cfe_list);
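Review bot: In the else branch, the second added check `if(!cfe) return;` returns while the `pf` allocated just above it is neither freed nor, within this hunk, linked into any list, so it appears to leak on that path. Releasing it first would close that: `if (cfe == NULL) { free(pf, M_DEVBUF); return; }`. The enclosing loop and function start and end outside the hunk, so whether entries added on earlier iterations leave the quirk list half-applied on an early return cannot be judged from here. As a style point that applies to every check added in this patch (here and in the wsdisplay.c, igmp.c and scsiconf.c hunks), the tree's convention is `if (cfe == NULL)` with a space after `if` and the `return` on its own line.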
--- dev/wscons/wsdisplay.c.orig	Fri May 18 21:36:22 2001
+++ dev/wscons/wsdisplay.c	Fri May 18 21:46:36 2001
@@ -280,6 +280,8 @@
 	} else { /* not console */
 		dconf = malloc(sizeof(struct wsscreen_internal),
 			       M_DEVBUF, M_NOWAIT);
+		if(!dconf)
+			return NULL;
 		dconf->emulops = type->textops;
 		dconf->emulcookie = cookie;
 		if (dconf->emulops) {
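Review bot: The added `return NULL;` gives this function a failure result that its callers must now test, and no caller is visible in the hunk; a caller that uses the result unchecked only moves the null dereference one frame up. The function begins outside the hunk, so anything it allocated before this branch would also need releasing before returning. A comment on the new path, for example `/* M_NOWAIT allocation failed; callers must check for NULL */`, would record the changed contract.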
--- netinet/igmp.h.orig	Fri May 18 21:59:12 2001
+++ netinet/igmp.h	Fri May 18 21:58:34 2001
@@ -58,6 +58,7 @@

 #define	IGMP_MINLEN		     8

+#define IGMP_ERROR -1
 #define	IGMP_HOST_MEMBERSHIP_QUERY	0x11  /* membership query      */
 #define	IGMP_v1_HOST_MEMBERSHIP_REPORT	0x12  /* v1 membership report  */
 #define	IGMP_DVMRP			0x13  /* DVMRP routing message */
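Review bot: `IGMP_ERROR` expands to a bare negative literal, which can bind unexpectedly when the macro is used inside a larger expression; it should be written `#define IGMP_ERROR (-1)`. It is also placed at the head of the on-wire message type values although it is an internal sentinel and not a protocol value, so a comment such as `/* internal: allocation failure, never sent on the wire */` and a blank line separating it from the type codes would prevent misreading. The neighbouring definitions use a tab after `#define`, this one a space.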
--- netinet/igmp.c.orig	Fri May 18 21:49:17 2001
+++ netinet/igmp.c	Fri May 18 22:36:11 2001
@@ -69,6 +69,7 @@

 	rti = (struct router_info *)malloc(sizeof(struct router_info),
 					   M_MRTABLE, M_NOWAIT);
+	if(!rti) return IGMP_ERROR;
 	rti->rti_ifp = inm->inm_ifp;
 	rti->rti_type = IGMP_v2_ROUTER;
 	rti->rti_next = rti_head;
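Review bot: The allocation failure is reported in-band, through a return value that otherwise carries a router type, so every caller has to know about `IGMP_ERROR`. The only consumer shown in this patch is the `if(type == IGMP_ERROR) return;` check in the @@ -495 hunk, which swallows the error inside the send routine. Testing the result where the function is called would let the caller skip whatever state or timer updates it performs after sending; those call sites are outside the hunks, so this is inferred and not shown. The function's header and the rest of its body are also outside this hunk.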
@@ -90,6 +91,8 @@

 	rti = (struct router_info *)malloc(sizeof(struct router_info),
 					   M_MRTABLE, M_NOWAIT);
+	if(!rti)
+		return NULL;
 	rti->rti_ifp = ifp;
 	rti->rti_type = IGMP_v2_ROUTER;
 	rti->rti_next = rti_head;
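Review bot: With the added `return NULL;` this lookup can now fail, and only one call site, the one guarded in the @@ -183 hunk, is shown handling that; any other caller in the file needs the same check. The function header is outside the hunk, and a comment there such as `/* Returns NULL if the M_NOWAIT allocation fails. */` would document the new behaviour for future callers.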
@@ -183,6 +186,10 @@

 		if (igmp->igmp_code == 0) {
 			rti = rti_find(ifp);
+			if(!rti) {
+				m_freem(m);
+				return;
+			}
 			rti->rti_type = IGMP_v1_ROUTER;
 			rti->rti_age = 0;

@@ -495,6 +502,9 @@
 #ifdef MROUTING
 	extern struct socket *ip_mrouter;
 #endif /* MROUTING */
+
+	if(type == IGMP_ERROR)
+		return;

 	MGETHDR(m, M_DONTWAIT, MT_HEADER);
 	if (m == NULL)
--- netiso/tp_emit.c.orig	Fri May 18 22:01:34 2001
+++ netiso/tp_emit.c	Fri May 18 22:03:03 2001
@@ -204,13 +204,13 @@
 	} else {
 		MGETHDR(m, M_DONTWAIT, TPMT_TPHDR);
 	}
-	m->m_data += max_hdr;
 	if (m == NULL) {
 		if (data != (struct mbuf *) 0)
 			m_freem(data);
 		error = ENOBUFS;
 		goto done;
 	}
+	m->m_data += max_hdr;
 	m->m_len = sizeof(struct tpdu);
 	m->m_act = MNULL;

--- scsi/scsiconf.c.orig	Fri May 18 22:03:58 2001
+++ scsi/scsiconf.c	Fri May 18 22:04:41 2001
@@ -740,6 +740,8 @@
 		return;

 	sc_link = malloc(sizeof(*sc_link), M_DEVBUF, M_NOWAIT);
+	if(!sc_link)
+		return;
 	*sc_link = *scsi->adapter_link;
 	sc_link->target = target;
 	sc_link->lun = lun;
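Review bot: The added `return;` abandons the probe without any indication, so under memory pressure a target/lun would simply go unattached and the operator would have no way to tell why. A diagnostic on this path, or at least a comment such as `/* out of memory: this target/lun is left unprobed */`, would make the failure visible. The function starts and continues outside the hunk, so whether earlier state needs undoing before returning cannot be seen from here.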