| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 6 Jun 2017 01:05:18 +0300
From: Nikolay Aleksandrov <nikolay@...ulusnetworks.com>
To: "Gustavo A. R. Silva" <garsilva@...eddedor.com>,
Stephen Hemminger <stephen@...workplumber.org>,
"David S. Miller" <davem@...emloft.net>
Cc: bridge@...ts.linux-foundation.org, netdev@...r.kernel.org,
roopa <roopa@...ulusnetworks.com>
Subject: Re: [PATCH] net: bridge: fix potential NULL pointer dereference
On 06/06/17 00:30, Gustavo A. R. Silva wrote:
> Add NULL check before dereferencing pointer _p_ inside br_afspec().
>
> Addresses-Coverity-ID: 1401872
> Signed-off-by: Gustavo A. R. Silva <garsilva@...eddedor.com>
> ---
> net/bridge/br_netlink.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
> index 1e63ec4..ad85a9c 100644
> --- a/net/bridge/br_netlink.c
> +++ b/net/bridge/br_netlink.c
> @@ -776,7 +776,7 @@ int br_setlink(struct net_device *dev, struct nlmsghdr *nlh, u16 flags)
> goto out;
> }
>
> - if (afspec) {
> + if (p && afspec) {
> err = br_afspec((struct net_bridge *)netdev_priv(dev), p,
> afspec, RTM_SETLINK);
> }
>
While I see a possible issue with the new bridge tunnel code (+CC Roopa), this is
the wrong fix because there are legitimate use cases where p is null and br_afspec
is called.
We need to change the p->flags check in br_afspec()'s IFLA_BRIDGE_VLAN_TUNNEL_INFO case
to check for a NULL p first.
Thanks for the report!
Powered by blists - more mailing lists