Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d4032131 authored by Hardik Arya's avatar Hardik Arya Committed by Gerrit - the friendly Code Review server
Browse files

diag: Add NULL pointer checks 



Currently, there is a possibility of NULL pointer dereference
while accessing diag master table. The patch adds proper check
for null pointer while iterating over the list.

CRs-Fixed: 2077525
Change-Id: I51075b7a7f3acce0cb27822ad1acd8a5894cdaa9
Signed-off-by: default avatarHardik Arya <harya@codeaurora.org>
parent 84b4ce53

drivers/char/diag/diagchar_core.c

+17 −0
Original line number Diff line number Diff line
@@ -650,6 +650,11 @@ static void diag_cmd_invalidate_polling(int change_flag) 
	driver->polling_reg_flag = 0;

	list_for_each_safe(start, temp, &driver->cmd_reg_list) {

		item = list_entry(start, struct diag_cmd_reg_t, link);

		if (&item->entry == NULL) {

			pr_err("diag: In %s, unable to search command\n",

			       __func__);

			return;

		}

		polling = diag_cmd_chk_polling(&item->entry);

		if (polling == DIAG_CMD_POLLING) {

			driver->polling_reg_flag = 1;
@@ -791,6 +796,12 @@ void diag_cmd_remove_reg_by_pid(int pid) 
	mutex_lock(&driver->cmd_reg_mutex);

	list_for_each_safe(start, temp, &driver->cmd_reg_list) {

		item = list_entry(start, struct diag_cmd_reg_t, link);

		if (&item->entry == NULL) {

			pr_err("diag: In %s, unable to search command\n",

			       __func__);

			mutex_unlock(&driver->cmd_reg_mutex);

			return;

		}

		if (item->pid == pid) {

			list_del(&item->link);

			kfree(item);
@@ -809,6 +820,12 @@ void diag_cmd_remove_reg_by_proc(int proc) 
	mutex_lock(&driver->cmd_reg_mutex);

	list_for_each_safe(start, temp, &driver->cmd_reg_list) {

		item = list_entry(start, struct diag_cmd_reg_t, link);

		if (&item->entry == NULL) {

			pr_err("diag: In %s, unable to search command\n",

			       __func__);

			mutex_unlock(&driver->cmd_reg_mutex);

			return;

		}

		if (item->proc == proc) {

			list_del(&item->link);

			kfree(item);