| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20180718161216.27820-2-sthemmin@microsoft.com>
Date: Wed, 18 Jul 2018 09:12:15 -0700
From: Stephen Hemminger <stephen@...workplumber.org>
To: pshelar@....org, davem@...emloft.net
Cc: netdev@...r.kernel.org, dev@...nvswitch.org,
Stephen Hemminger <sthemmin@...rosoft.com>,
Stephen Hemminger <stephen@...workplumber.org>
Subject: [PATCH net 1/2] openvswitch: check for null return for nla_nest_start
The call to nla_nest_start in conntrack can lead to a NULL
return so it's possible for attr to become NULL and we can potentially
get a NULL pointer dereference on attr. Fix this by checking for
a NULL return.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200533
Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit")
Signed-off-by: Stephen Hemminger <stephen@...workplumber.org>
---
net/openvswitch/conntrack.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 284aca2a252d..2e316f641df8 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -2132,6 +2132,8 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb, struct genl_info *info)
return PTR_ERR(reply);
nla_reply = nla_nest_start(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT);
+ if (!nla_reply)
+ return PRT_ERR(-EMSGSIZE);
if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) {
err = ovs_ct_limit_get_zone_limit(
--
2.18.0
Powered by blists - more mailing lists