| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190726022505.24938-1-baijiaju1990@gmail.com>
Date: Fri, 26 Jul 2019 10:25:04 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: davem@...emloft.net, kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH 2/2] net: ipv4: Fix a possible null-pointer dereference in fib4_rule_suppress()
In fib4_rule_suppress(), there is an if statement on line 145 to check
whether result->fi is NULL:
if (result->fi)
When result->fi is NULL, it is used on line 167:
fib_info_put(result->fi);
In fib_info_put(), the argument fi is used:
if (refcount_dec_and_test(&fi->fib_clntref))
Thus, a possible null-pointer dereference may occur.
To fix this bug, result->fi is checked before calling fib_info_put().
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
net/ipv4/fib_rules.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index b43a7ba5c6a4..daedce293aab 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -163,7 +163,7 @@ static bool fib4_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg
return false;
suppress_route:
- if (!(arg->flags & FIB_LOOKUP_NOREF))
+ if (!(arg->flags & FIB_LOOKUP_NOREF) && result->fi)
fib_info_put(result->fi);
return true;
}
--
2.17.0
Powered by blists - more mailing lists