Bug 196575 - drivers/s390/char/keyboard.c NULL pointer reference
Summary: drivers/s390/char/keyboard.c NULL pointer reference
Status: NEW
Alias: None
Product: Drivers
Classification: Unclassified
Component: Input Devices (show other bugs)
Hardware: S390-64 Linux
: P1 normal
Assignee: drivers_input-devices
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-08-03 08:10 UTC by zhh
Modified: 2017-08-03 08:18 UTC (History)
1 user (show)

See Also:
Kernel Version: <=4.12.3
Subsystem:
Regression: No
Bisected commit-id:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description zhh 2017-08-03 08:10:55 UTC 
Local users able to send the NULL arg argument to kbd_ioctl(), which could cause kernel crash


diff --git a/keyboard.c 
b/keyboard.c
index ba0e4f9..3ec16b1 100644
--- a/keyboard.c
+++ b/keyboard.c
@@ -456,6 +456,8 @@ int kbd_ioctl(struct kbd_data *kbd, unsigned int cmd, unsigned long arg)
        int perm;
 
        argp = (void __user *)arg;
+       if( !argp )
+               return -EFAULT;
 
        /*
         * To have permissions to do most of the vt ioctls, we either have
Note You need to log in before you can comment on or make changes to this bug.