| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20190726080321.4466-1-baijiaju1990@gmail.com>
Date: Fri, 26 Jul 2019 16:03:21 +0800
From: Jia-Ju Bai <baijiaju1990@...il.com>
To: davem@...emloft.net, kuznet@....inr.ac.ru, yoshfuji@...ux-ipv6.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
Jia-Ju Bai <baijiaju1990@...il.com>
Subject: [PATCH 2/2] net: ipv6: Fix a possible null-pointer dereference in vti6_link_config()
In vti6_link_config(), there is an if statement on line 649 to check
whether rt is NULL:
if (rt)
When rt is NULL, it is used on line 651:
ip6_rt_put(rt);
dst_release(&rt->dst);
Thus, a possible null-pointer dereference may occur.
To fix this bug, ip6_rt_put() is called when rt is not NULL.
This bug is found by a static analysis tool STCheck written by us.
Signed-off-by: Jia-Ju Bai <baijiaju1990@...il.com>
---
net/ipv6/ip6_vti.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 024db17386d2..572647205c52 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -646,9 +646,10 @@ static void vti6_link_config(struct ip6_tnl *t, bool keep_mtu)
&p->raddr, &p->laddr,
p->link, NULL, strict);
- if (rt)
+ if (rt) {
tdev = rt->dst.dev;
- ip6_rt_put(rt);
+ ip6_rt_put(rt);
+ }
}
if (!tdev && p->link)
--
2.17.0
Powered by blists - more mailing lists