lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Sat,  9 Apr 2022 05:40:36 -0400
From:   Mark Mielke <mark.mielke@...il.com>
To:     netdev@...r.kernel.org, dev@...nvswitch.org
Cc:     Pravin B Shelar <pshelar@....org>,
        "David S. Miller" <davem@...emloft.net>,
        Jakub Kicinski <kuba@...nel.org>,
        Paolo Abeni <pabeni@...hat.com>,
        Pablo Neira Ayuso <pablo@...filter.org>,
        Florian Westphal <fw@...len.de>,
        Mark Mielke <mark.mielke@...il.com>, stable@...r.kernel.org
Subject: [PATCH] openvswitch: Ensure nf_ct_put is not called with null pointer

A recent commit replaced calls to nf_conntrack_put() with calls
to nf_ct_put(). nf_conntrack_put() permitted the caller to pass
null without side effects, while nf_ct_put() performs WARN_ON()
and proceeds to try and de-reference the pointer. ovs-vswitchd
triggers the warning on startup:

[   22.178881] WARNING: CPU: 69 PID: 2157 at include/net/netfilter/nf_conntrack.h:176 __ovs_ct_lookup+0x4e2/0x6a0 [openvswitch]
...
[   22.213573] Call Trace:
[   22.214318]  <TASK>
[   22.215064]  ovs_ct_execute+0x49c/0x7f0 [openvswitch]
...

Cc: stable@...r.kernel.org
Fixes: 408bdcfce8df ("net: prefer nf_ct_put instead of nf_conntrack_put")
Signed-off-by: Mark Mielke <mark.mielke@...il.com>
---
 net/openvswitch/conntrack.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index 4a947c13c813..69972f037d21 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -970,7 +970,8 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key,
 		/* Associate skb with specified zone. */
 		if (tmpl) {
 			ct = nf_ct_get(skb, &ctinfo);
-			nf_ct_put(ct);
+			if (ct)
+				nf_ct_put(ct);
 			nf_conntrack_get(&tmpl->ct_general);
 			nf_ct_set(skb, tmpl, IP_CT_NEW);
 		}
@@ -1339,8 +1340,8 @@ int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key)
 	struct nf_conn *ct;
 
 	ct = nf_ct_get(skb, &ctinfo);
-
-	nf_ct_put(ct);
+	if (ct)
+		nf_ct_put(ct);
 	nf_ct_set(skb, NULL, IP_CT_UNTRACKED);
 	ovs_ct_fill_key(skb, key, false);
 
-- 
2.35.1

Powered by blists - more mailing lists