|
 |
4e6258a |
From 425aa0e1d01513437668fa3d4a971168bbaa8515 Mon Sep 17 00:00:00 2001
|
|
|
4e6258a |
From: Gen Zhang <blackgod016574@gmail.com>
|
|
|
4e6258a |
Date: Fri, 24 May 2019 11:24:26 +0800
|
|
|
4e6258a |
Subject: [PATCH] ip_sockglue: Fix missing-check bug in ip_ra_control()
|
|
|
4e6258a |
|
|
|
4e6258a |
In function ip_ra_control(), the pointer new_ra is allocated a memory
|
|
|
4e6258a |
space via kmalloc(). And it is used in the following codes. However,
|
|
|
4e6258a |
when there is a memory allocation error, kmalloc() fails. Thus null
|
|
|
4e6258a |
pointer dereference may happen. And it will cause the kernel to crash.
|
|
|
4e6258a |
Therefore, we should check the return value and handle the error.
|
|
|
4e6258a |
|
|
|
4e6258a |
Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
|
|
|
4e6258a |
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
|
4e6258a |
---
|
|
|
4e6258a |
net/ipv4/ip_sockglue.c | 2 ++
|
|
|
4e6258a |
1 file changed, 2 insertions(+)
|
|
|
4e6258a |
|
|
|
4e6258a |
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
|
|
|
4e6258a |
index 82f341e84fae..aa3fd61818c4 100644
|
|
|
4e6258a |
--- a/net/ipv4/ip_sockglue.c
|
|
|
4e6258a |
+++ b/net/ipv4/ip_sockglue.c
|
|
|
4e6258a |
@@ -343,6 +343,8 @@ int ip_ra_control(struct sock *sk, unsigned char on,
|
|
|
4e6258a |
return -EINVAL;
|
|
|
4e6258a |
|
|
|
4e6258a |
new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
|
|
|
4e6258a |
+ if (on && !new_ra)
|
|
|
4e6258a |
+ return -ENOMEM;
|
|
|
4e6258a |
|
|
|
4e6258a |
mutex_lock(&net->ipv4.ra_mutex);
|
|
|
4e6258a |
for (rap = &net->ipv4.ra_chain;
|
|
|
4e6258a |
--
|
|
|
4e6258a |
2.21.0
|
|
|
4e6258a |
|