...
This compliant solution eliminates the null pointer deference by initializing sk to tun->sk following the null pointer check. It also adds an assertion assertions to document that a certain pointer other pointers must not be null.
| Code Block | ||||
|---|---|---|---|---|
| ||||
static unsigned int tun_chr_poll(struct file *file, poll_table *wait) {
assert(file);
struct tun_file *tfile = file->private_data;
struct tun_struct *tun = __tun_get(tfile);
struct sock *sk;
unsigned int mask = 0;
if (!tun)
return POLLERR;
assert(tun->dev);
sk = tun->sk;
assert(sk);
assert(sk->socket);
/* The remaining code is omitted because it is unchanged... */
}
|
Risk Assessment
Dereferencing a null pointer is undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code [Jack 2007, van Sprundel 2006]. The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.
...