* Mathieu Desnoyers ([email protected]) wrote:
> * Tetsuo Handa ([email protected]) wrote:
> > Mathieu Desnoyers wrote:
> > > -	if (used_address && used_address->name_len == msg_sys->msg_namelen &&
> > > -	    !memcmp(&used_address->name, msg->msg_name,
> > > +	if (used_address && msg_sys->msg_name &&
> > > +	    used_address->name_len == msg_sys->msg_namelen &&
> > > +	    !memcmp(&used_address->name, msg_sys->msg_name,
> >
> > My mistake. I thought I had typed msg_sys->msg_name.
> > Thank you for catching this.
>
> You're welcome.
>
> > > Note that msg_sys can be set to NULL by verify_compat_iovec()
> > > or verify_iovec(), which requires additional NULL pointer checks.
> >
> > You meant msg_sys->msg_name can be set to NULL, didn't you?
>
> Yes,
>
> > I think msg_sys->msg_name != NULL if msg_sys->msg_namelen != 0.
> > Therefore, I think memcpy()/memcmp() are safe without NULL pointer checks.
>
> Yes, that should be fine (just confirmed it by reviewing
> verify_*iovec(), but I did not want to take any chances in my fix
> implementation. Please feel free to remove the unnecessary checks if
> they end up being unrequired. I went for the "obviously safe" approach.
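Review bot: the `msg_sys->msg_name &&` guard added ahead of the length compare is defensive rather than strictly needed if, as discussed in the thread, verify_iovec()/verify_compat_iovec() guarantee that msg_sys->msg_name is non-NULL whenever msg_sys->msg_namelen is non-zero; the change in this hunk that actually matters is passing msg_sys->msg_name instead of msg->msg_name to memcmp(), so that the buffer being compared is the one whose length msg_sys->msg_namelen describes. Either drop the extra check with a one-line comment stating that invariant, or keep it and note that it intentionally also rejects a NULL name with a zero length, so the two readings of the code do not drift apart later.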
Thinking about it slightly more, can you point me to the msg_sys->msg_namelen check you refer to that would skip the msg_sys->msg_name NULL pointer dereference? Is it that both memcpy and memcmp ensure that NULL pointers are never a problem when the length is 0?

Thanks,

Mathieu

-- 
Mathieu Desnoyers
Operating System Efficiency R&D Consultant
EfficiOS Inc.
http://www.efficios.com
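The question at the end of the thread, whether a zero length alone keeps memcmp()/memcpy() away from a NULL msg_name, is easy to pin down with a small user-space model. The following is an added example, not code from the kernel or from either author: `struct used_address` and `struct msg_view` are hypothetical stand-ins for the kernel structures named in the hunk, and the two comparison functions show the "obviously safe" guarded form beside the form that relies on the msg_namelen-implies-msg_name invariant, including the one input on which they disagree.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical stand-in for the kernel's used_address record:
 * a copy of the last destination name and its length. */
#define NAME_MAX_LEN 128

struct used_address {
    unsigned char name[NAME_MAX_LEN];
    size_t name_len;
};

/* Hypothetical stand-in for the kernel-side msghdr fields in the thread. */
struct msg_view {
    const void *msg_name;   /* may be NULL when msg_namelen == 0 */
    size_t msg_namelen;
};

/* Guarded form: never call memcmp() unless the name pointer is non-NULL,
 * mirroring the extra check added by the patch. */
bool used_address_matches_guarded(const struct used_address *used,
                                  const struct msg_view *msg)
{
    return used && msg->msg_name &&
           used->name_len == msg->msg_namelen &&
           !memcmp(used->name, msg->msg_name, msg->msg_namelen);
}

/* Invariant form: assumes msg_namelen != 0 implies msg_name != NULL, so a
 * NULL pointer can only ever arrive together with length 0. Note that
 * memcmp(p, NULL, 0) is still undefined behaviour per the C standard even
 * though common implementations never touch the pointer, so the zero
 * length is handled before memcmp() is reached. */
bool used_address_matches_invariant(const struct used_address *used,
                                    const struct msg_view *msg)
{
    if (!used || used->name_len != msg->msg_namelen)
        return false;
    if (msg->msg_namelen == 0)
        return true;          /* nothing to compare; msg_name not dereferenced */
    return !memcmp(used->name, msg->msg_name, msg->msg_namelen);
}

/* Record a destination name, enforcing the invariant on the way in. */
bool used_address_record(struct used_address *used, const struct msg_view *msg)
{
    if (msg->msg_namelen > NAME_MAX_LEN)
        return false;
    if (msg->msg_namelen && !msg->msg_name)
        return false;         /* non-zero length with NULL name: reject */
    if (msg->msg_namelen)
        memcpy(used->name, msg->msg_name, msg->msg_namelen);
    used->name_len = msg->msg_namelen;
    return true;
}

/* Constructed scenario: a named send, a repeat to the same name, then an
 * unnamed (NULL, 0) send. Returns a bitmask of which form reports a match
 * for the (NULL, 0) name against a zero-length recorded address:
 * bit 0 = invariant form, bit 1 = guarded form. */
int demo_zero_length_case(void)
{
    static const unsigned char peer[] = "constructed-peer";
    struct used_address used = {0};
    struct used_address empty = {0};
    struct msg_view named = { peer, sizeof peer };
    struct msg_view unnamed = { NULL, 0 };

    if (!used_address_record(&used, &named))
        return -1;
    if (!used_address_matches_guarded(&used, &named) ||
        !used_address_matches_invariant(&used, &named))
        return -2;
    /* Unnamed message against a named record: lengths differ, so both
     * forms answer "no match" without touching the NULL pointer. */
    if (used_address_matches_guarded(&used, &unnamed) ||
        used_address_matches_invariant(&used, &unnamed))
        return -3;
    /* The only input where the forms differ: NULL name, zero length,
     * against a zero-length record. The guard says no, the invariant
     * form says yes; the patch's check picks the former. */
    return (used_address_matches_invariant(&empty, &unnamed) ? 1 : 0) |
           (used_address_matches_guarded(&empty, &unnamed) ? 2 : 0);
}

/* Constructed: same length, different bytes, must be rejected by both. */
bool demo_different_name_rejected(void)
{
    static const unsigned char a[] = "peer-A", b[] = "peer-B";
    struct used_address used = {0};
    struct msg_view ma = { a, sizeof a }, mb = { b, sizeof b };
    return used_address_record(&used, &ma) &&
           !used_address_matches_guarded(&used, &mb) &&
           !used_address_matches_invariant(&used, &mb);
}
```

The practical takeaway is the one the thread converges on: the length compare already shields memcmp() from a NULL name whenever the invariant holds, and the explicit pointer check only changes the answer for the degenerate zero-length case, at the cost of one branch.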
