lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20190729123055.5a7ba416@redhat.com>
Date:   Mon, 29 Jul 2019 12:30:55 +0200
From:   Jiri Benc <jbenc@...hat.com>
To:     Jia-Ju Bai <baijiaju1990@...il.com>
Cc:     davem@...emloft.net, sbrivio@...hat.com, sd@...asysnail.net,
        liuhangbin@...il.com, dsahern@...il.com, natechancellor@...il.com,
        tglx@...utronix.de, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org
Subject: Re: [PATCH] net: geneve: Fix a possible null-pointer dereference in
 geneve_link_config()

On Mon, 29 Jul 2019 18:26:11 +0800, Jia-Ju Bai wrote:
> --- a/drivers/net/geneve.c
> +++ b/drivers/net/geneve.c
> @@ -1521,9 +1521,10 @@ static void geneve_link_config(struct net_device *dev,
>  		rt = rt6_lookup(geneve->net, &info->key.u.ipv6.dst, NULL, 0,
>  				NULL, 0);
>  
> -		if (rt && rt->dst.dev)
> +		if (rt && rt->dst.dev) {
>  			ldev_mtu = rt->dst.dev->mtu - GENEVE_IPV6_HLEN;
> -		ip6_rt_put(rt);
> +			ip6_rt_put(rt);
> +		}
>  		break;
>  	}
>  #endif

Are you sure rt6_lookup can never return a non-NULL rt with rt->dst.dev
being NULL? You'd leak the reference in such case.

 Jiri

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ