Date: Sat, 9 Apr 2022 05:40:36 -0400 From: Mark Mielke <mark.mielke@...il.com> To: netdev@...r.kernel.org, dev@...nvswitch.org Cc: Pravin B Shelar <pshelar@....org>, "David S. Miller" <davem@...emloft.net>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>, Pablo Neira Ayuso <pablo@...filter.org>, Florian Westphal <fw@...len.de>, Mark Mielke <mark.mielke@...il.com>, stable@...r.kernel.org Subject: [PATCH] openvswitch: Ensure nf_ct_put is not called with null pointer A recent commit replaced calls to nf_conntrack_put() with calls to nf_ct_put(). nf_conntrack_put() permitted the caller to pass null without side effects, while nf_ct_put() performs WARN_ON() and proceeds to try and de-reference the pointer. ovs-vswitchd triggers the warning on startup: [ 22.178881] WARNING: CPU: 69 PID: 2157 at include/net/netfilter/nf_conntrack.h:176 __ovs_ct_lookup+0x4e2/0x6a0 [openvswitch] ... [ 22.213573] Call Trace: [ 22.214318] <TASK> [ 22.215064] ovs_ct_execute+0x49c/0x7f0 [openvswitch] ... Cc: stable@...r.kernel.org Fixes: 408bdcfce8df ("net: prefer nf_ct_put instead of nf_conntrack_put") Signed-off-by: Mark Mielke <mark.mielke@...il.com> --- net/openvswitch/conntrack.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 4a947c13c813..69972f037d21 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -970,7 +970,8 @@ static int __ovs_ct_lookup(struct net *net, struct sw_flow_key *key, /* Associate skb with specified zone. */ if (tmpl) { ct = nf_ct_get(skb, &ctinfo); - nf_ct_put(ct); + if (ct) + nf_ct_put(ct); nf_conntrack_get(&tmpl->ct_general); nf_ct_set(skb, tmpl, IP_CT_NEW); } @@ -1339,8 +1340,8 @@ int ovs_ct_clear(struct sk_buff *skb, struct sw_flow_key *key) struct nf_conn *ct; ct = nf_ct_get(skb, &ctinfo); - - nf_ct_put(ct); + if (ct) + nf_ct_put(ct); nf_ct_set(skb, NULL, IP_CT_UNTRACKED); ovs_ct_fill_key(skb, key, false); -- 2.35.1
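Review bot: In the first hunk (`__ovs_ct_lookup`, inside the `if (tmpl)` branch), the new `if (ct)` guard carries no comment explaining why `ct` may be NULL at this point. The commit message says `nf_ct_put()` hits `WARN_ON()` and then dereferences the pointer, so removing the guard in a later cleanup would bring back a NULL dereference in the packet path. A one-line comment above `if (ct)` noting that `nf_ct_get()` can return NULL here and that `nf_ct_put()` does not accept NULL would make that intent explicit. Since the same two-line guard is repeated in the second hunk, it may also be worth considering a single NULL-tolerant put helper instead of open-coding the check at each call site.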
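Review bot: In the second hunk (`ovs_ct_clear`), the guard is added without any supporting evidence in the commit message: the quoted warning points at `__ovs_ct_lookup+0x4e2` with `ovs_ct_execute` in the call trace, and `ovs_ct_clear` is not mentioned. Please state in the commit message whether this site was observed to pass NULL or is being guarded because it has the same `nf_ct_get()` followed by `nf_ct_put()` pattern, so that stable maintainers can judge the backport. Minor style point: the hunk also drops the blank line after `ct = nf_ct_get(skb, &ctinfo);`, which is fine but unrelated to the fix.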