superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net/appletalk
History
Weiming Shi 9e7f36ab5b net: appletalk: fix NULL pointer dereference in aarp_send_ddp() 
aarp_send_ddp() calls atalk_find_dev_addr(dev) in the LocalTalk fast
path without checking for NULL. When the device has no AppleTalk
interface configured (dev->atalk_ptr == NULL), this leads to a NULL
pointer dereference at the at->s_net access.

 KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007]
 RIP: 0010:aarp_send_ddp (net/appletalk/aarp.c:552 (discriminator 2))
 Call Trace:
  <TASK>
  atalk_sendmsg (net/appletalk/ddp.c:1715)
  __sys_sendto (net/socket.c:2265 (discriminator 1))
  __x64_sys_sendto (net/socket.c:2272)
  do_syscall_64 (arch/x86/entry/syscall_64.c:94)
  entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:121)

Add a NULL check consistent with the other callers of
atalk_find_dev_addr().

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: Xiang Mei <xmei5@asu.edu>
Signed-off-by: Weiming Shi <bestswngs@gmail.com>
Link: https://patch.msgid.link/20260514123806.3085961-3-bestswngs@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2026-05-18 16:33:34 -07:00
..
Kconfig appletalk: remove ipddp driver 2023-10-10 17:49:00 -07:00
Makefile appletalk: Remove deadcode 2024-10-04 12:42:32 +01:00
aarp.c net: appletalk: fix NULL pointer dereference in aarp_send_ddp() 2026-05-18 16:33:34 -07:00
atalk_proc.c net: remove sock_i_uid() 2025-06-23 17:04:03 -07:00
ddp.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
sysctl_net_atalk.c appletalk: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:42 +01:00