lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <b11141f6-95b7-883e-d924-b9b2699eb980@kernel.org>
Date:   Sat, 17 Sep 2022 08:46:42 -0600
From:   David Ahern <dsahern@...nel.org>
To:     Nikolay Aleksandrov <razor@...ckwall.org>,
        Li Zhong <floridsleeves@...il.com>,
        linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Cc:     pabeni@...hat.com, kuba@...nel.org, edumazet@...gle.com,
        davem@...emloft.net, yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH v1] net/ipv4/nexthop: check the return value of
 nexthop_find_by_id()

On 9/17/22 2:29 AM, Nikolay Aleksandrov wrote:
> On 17/09/2022 05:30, Li Zhong wrote:
>> Check the return value of nexthop_find_by_id(), which could be NULL on
>> when not found. So we check to avoid null pointer dereference.
>>
>> Signed-off-by: Li Zhong <floridsleeves@...il.com>
>> ---
>>  net/ipv4/nexthop.c | 4 ++++
>>  1 file changed, 4 insertions(+)
>>
>> diff --git a/net/ipv4/nexthop.c b/net/ipv4/nexthop.c
>> index 853a75a8fbaf..9f91bb78eed5 100644
>> --- a/net/ipv4/nexthop.c
>> +++ b/net/ipv4/nexthop.c
>> @@ -2445,6 +2445,10 @@ static struct nexthop *nexthop_create_group(struct net *net,
>>  		struct nh_info *nhi;
>>  
>>  		nhe = nexthop_find_by_id(net, entry[i].id);
>> +		if (!nhe) {
>> +			err = -EINVAL;
>> +			goto out_no_nh;
>> +		}
>>  		if (!nexthop_get(nhe)) {
>>  			err = -ENOENT;
>>  			goto out_no_nh;
> 
> These are validated in nh_check_attr_group() and should exist at this point.
> Since remove_nexthop() should run under rtnl I don't see a way for a nexthop
> to disappear after nh_check_attr_group() and before nexthop_create_group().
> 

exactly. That lookup can't fail because the ids have been validated and
all of this is under rtnl preventing nexthop removes.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ