Another Kernel NULL Pointer Vulnerability

Article Source LWN
August 13, 2009, 12:41 pm

In the Linux kernel, each socket has an associated struct of operations called proto_ops, which contains pointers to functions implementing various features, such as accept, bind, shutdown, and so on.

If an operation on a particular socket is unimplemented, the associated function pointer is expected to point to a predefined stub; for example, if the “accept” operation is undefined, it would point to sock_no_accept(). However, we have found that this is not always the case and some of these pointers are left uninitialized…
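The stub convention described above can be modelled in userspace. The following is an added example, not kernel code and not from the original article: `model_ops`, `model_sock`, `ops_fill_stubs()` and `checked_accept()` are hypothetical names, and the three-slot table is a simplified stand-in for proto_ops. It shows two defensive checks: filling unset slots with stubs when the table is registered, and testing the slot before the indirect call.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

/* Userspace model only: a three-slot stand-in for the kernel's proto_ops. */
struct model_sock;
struct model_ops {
    int (*accept)(struct model_sock *s);
    int (*bind)(struct model_sock *s);
    int (*shutdown)(struct model_sock *s);
};
struct model_sock { const struct model_ops *ops; };

/* Stubs in the spirit of sock_no_accept(): fail cleanly, never crash. */
static int no_accept(struct model_sock *s)   { (void)s; return -EOPNOTSUPP; }
static int no_bind(struct model_sock *s)     { (void)s; return -EOPNOTSUPP; }
static int no_shutdown(struct model_sock *s) { (void)s; return -EOPNOTSUPP; }

static int demo_bind(struct model_sock *s) { (void)s; return 0; }

/* Constructed sample: implements bind only; accept and shutdown stay NULL. */
static struct model_ops incomplete_ops = { .bind = demo_bind };

/* Registration-time fix-up: point each unset slot at its stub.
 * Returns the number of slots that had been left NULL. */
int ops_fill_stubs(struct model_ops *ops)
{
    int fixed = 0;
    if (!ops->accept)   { ops->accept = no_accept;     fixed++; }
    if (!ops->bind)     { ops->bind = no_bind;         fixed++; }
    if (!ops->shutdown) { ops->shutdown = no_shutdown; fixed++; }
    return fixed;
}

/* Call-site guard: check the slot before the indirect call. */
int checked_accept(struct model_sock *s)
{
    if (!s || !s->ops || !s->ops->accept)
        return -EOPNOTSUPP;
    return s->ops->accept(s);
}

int main(void)
{
    struct model_sock s = { &incomplete_ops };
    printf("guarded accept before fix-up: %d\n", checked_accept(&s));
    printf("slots patched: %d\n", ops_fill_stubs(&incomplete_ops));
    printf("direct accept after fix-up: %d\n", s.ops->accept(&s));
    return 0;
}
```

A non-zero return from `ops_fill_stubs()` is worth logging, since it identifies a table that was registered with unset slots.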