* Tetsuo Handa (penguin-ker...@i-love.sakura.ne.jp) wrote: > Mathieu Desnoyers wrote: > > - if (used_address && used_address->name_len == msg_sys->msg_namelen && > > - !memcmp(&used_address->name, msg->msg_name, > > + if (used_address && msg_sys->msg_name && > > + used_address->name_len == msg_sys->msg_namelen && > > + !memcmp(&used_address->name, msg_sys->msg_name, > > My mistake. I thought I have typed msg_sys->msg_name . > Thank you for catching this.
You're welcome.

> 
> > Note that msg_sys can be set to NULL by verify_compat_iovec()
> > or verify_iovec(), which requires additional NULL pointer checks.
> 
> You meant msg_sys->msg_name can be set to NULL, didn't you? Yes,
> I think msg_sys->msg_name != NULL if msg_sys->msg_namelen != 0.
> Therefore, I think memcpy()/memcmp() are safe without NULL pointer checks.

Yes, that should be fine (just confirmed it by reviewing verify_*iovec()), but
I did not want to take any chances in my fix implementation. Please feel free
to remove the unnecessary checks if they end up being unrequired. I went for
the "obviously safe" approach.

Thanks,

Mathieu

-- 
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
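Review bot: The added "msg_sys->msg_name &&" test in the new condition of the quoted hunk carries no comment saying whether it is required or only defensive. The thread concludes that msg_sys->msg_name is non-NULL whenever msg_sys->msg_namelen is non-zero, and that verify_iovec()/verify_compat_iovec() are where msg_name can become NULL, so a short comment above the if stating that invariant would stop a later cleanup from dropping the check without re-reading those helpers. The memcmp() source changing from msg->msg_name to msg_sys->msg_name is a separate correction from the NULL-check hardening, and the changelog should name it on its own.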