[Bug 564733] New: acl: potential null pointer dereferences
http://bugzilla.novell.com/show_bug.cgi?id=564733#c0

           Summary: acl: potential null pointer dereferences
    Classification: openSUSE
           Product: openSUSE 11.2
           Version: Final
          Platform: Other
        OS/Version: Other
            Status: NEW
          Severity: Normal
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: bphilips@novell.com
        ReportedBy: jslaby@novell.com
         QAContact: qa@suse.de
          Found By: ---
           Blocker: ---

Hi,

Stanse found this error in acl of OS 11.2:
pointer always points to valid memory here, but checking for not NULL.[ext_acl]

    acl_t
    acl_copy_int(const void *buf_p)
    {
        const struct __acl *ext_acl = (struct __acl *)buf_p;
        const struct __acl_entry *ent_p = ext_acl->x_entries, *end_p; /* <-- loc0 */
        size_t size = ext_acl ? ext_acl->x_size : 0;
        int entries;
        acl_obj *acl_obj_p;
        acl_entry_obj *entry_obj_p;

        if (!ext_acl || size < sizeof(struct __acl)) { /* <-- here */
            (*__errno_location ()) = 22;
            return ((void *)0);
        }

It is because at loc0, ext_acl is already dereferenced.

Steps to reproduce:

    osc co openSUSE:11.2 acl
    cd openSUSE:11.2/acl
    tar zxvf acl-2.2.48.src.tar.gz
    cd acl-2.2.48/
    ./configure && JOB_FILE=`pwd`/jf make CC=stcc
    stanse -Xmx3000m -c AutomatonChecker:memory.xml --jobfile jf -g

--
Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

http://bugzilla.novell.com/show_bug.cgi?id=564733#c

Jiri Slaby <jslaby@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|acl: potential null pointer |acl: potential null pointer
                   |dereferences                |dereference

http://bugzilla.novell.com/show_bug.cgi?id=564733#c1

--- Comment #1 from Brandon Philips <bphilips@novell.com> 2009-12-18 00:36:18 UTC ---
Created an attachment (id=333313)
 --> (http://bugzilla.novell.com/attachment.cgi?id=333313)
libacl-fix-potential-null-pointer-dereference.patch

Subject: [PATCH] libacl: fix potential null pointer dereference

stanse found that acl_copy_int() dereferences ext_acl when initializing ent_p
and then later checks if ext_acl is NULL. Delay initializing ent_p and size
until the NULL check has been made on ext_acl.

Fix this bug: https://bugzilla.novell.com/show_bug.cgi?id=564733

I will leave this open until I check in a slew of acl bug fixes into os11.2.

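Added example, not part of the bug thread and not libacl's code: the ordering described in comment #1 (NULL check first, then size, then the entry pointer), shown on simplified stand-in structures. The names struct ext_acl, struct ext_entry, copy_entries_checked and make_sample are assumptions made for this illustration, and the sample buffer is constructed.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-ins for the external ACL layout (assumed, not libacl's headers). */
struct ext_entry { int tag; unsigned id; unsigned perm; };
struct ext_acl   { size_t x_size; struct ext_entry x_entries[]; };

/* Copy the entries out of an external buffer. Returns the entry count and
 * stores a malloc'd copy in *out, or returns -1 with errno set. */
int copy_entries_checked(const void *buf_p, struct ext_entry **out)
{
    const struct ext_acl *ext = buf_p;
    const struct ext_entry *ent_p;   /* declared, not yet initialised */
    size_t size, n;

    *out = NULL;
    if (!ext) {                      /* check before any ext-> expression */
        errno = EINVAL;
        return -1;
    }
    size = ext->x_size;              /* safe: ext is known to be non-NULL */
    if (size < sizeof(struct ext_acl) ||
        (size - sizeof(struct ext_acl)) % sizeof(struct ext_entry)) {
        errno = EINVAL;              /* too short, or a partial trailing entry */
        return -1;
    }
    n = (size - sizeof(struct ext_acl)) / sizeof(struct ext_entry);
    ent_p = ext->x_entries;          /* the initialisation that is delayed */
    if (n) {
        *out = malloc(n * sizeof(**out));
        if (!*out)
            return -1;               /* errno already set by malloc */
        memcpy(*out, ent_p, n * sizeof(**out));
    }
    return (int)n;
}

/* Constructed sample: an external buffer holding n entries. */
void *make_sample(size_t n)
{
    size_t size = sizeof(struct ext_acl) + n * sizeof(struct ext_entry);
    struct ext_acl *a = calloc(1, size);
    if (!a) return NULL;
    a->x_size = size;
    for (size_t i = 0; i < n; i++)
        a->x_entries[i] = (struct ext_entry){ (int)i + 1, 1000u + (unsigned)i, 7u };
    return a;
}
```
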
http://bugzilla.novell.com/show_bug.cgi?id=564733#c2

Brandon Philips <bphilips@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |CLOSED
         Resolution|                            |FIXED

--- Comment #2 from Brandon Philips <bphilips@novell.com> 2010-02-27 00:29:06 UTC ---
Submitreq id 33600

http://bugzilla.novell.com/show_bug.cgi?id=564733#c3

Jiri Slaby <jslaby@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |

--- Comment #3 from Jiri Slaby <jslaby@novell.com> 2010-02-27 09:03:47 UTC ---
As far as I understand, it's pure 2.2.49, which doesn't contain the fix
according to http://git.savannah.gnu.org/cgit/acl.git .

http://bugzilla.novell.com/show_bug.cgi?id=564733#c4

--- Comment #4 from Jiri Slaby <jslaby@novell.com> 2010-02-27 09:06:56 UTC ---
And please fix factory too.

https://bugzilla.novell.com/show_bug.cgi?id=564733#c

zj jia <zjjia@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |zjjia@novell.com
         AssignedTo|bnc-team-screening@forge.pr |jeffm@novell.com
                   |ovo.novell.com              |

https://bugzilla.novell.com/show_bug.cgi?id=564733#c

Jeff Mahoney <jeffm@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         AssignedTo|jeffm@novell.com            |mszeredi@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=564733#c6

Miklos Szeredi <mszeredi@novell.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
                 CC|                            |mszeredi@novell.com
         Resolution|                            |FIXED

--- Comment #6 from Miklos Szeredi <mszeredi@novell.com> 2011-11-03 15:25:40 UTC ---
Fixed in factory.