On Thu, Aug 03, 2017 at 09:57:38PM +0800, sohu0106 wrote: > > > Local users able to send the NULL arg argument to kbd_ioctl(), which could > cause kernel crash > > > > > diff --git a/keyboard.c > b/keyboard.c > index ba0e4f9..3ec16b1 100644 > --- a/keyboard.c > +++ b/keyboard.c > @@ -456,6 +456,8 @@ int kbd_ioctl(struct kbd_data *kbd, unsigned int cmd, > unsigned long arg) > int perm; > > argp = (void __user *)arg; > + if( !argp ) > + return -EFAULT;
This doesn't make sense as well. All uaccess functions are able to handle NULL pointers within user space.
