| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 17 Sep 2022 08:46:42 -0600
From: David Ahern <dsahern@...nel.org>
To: Nikolay Aleksandrov <razor@...ckwall.org>,
Li Zhong <floridsleeves@...il.com>,
linux-kernel@...r.kernel.org, netdev@...r.kernel.org
Cc: pabeni@...hat.com, kuba@...nel.org, edumazet@...gle.com,
davem@...emloft.net, yoshfuji@...ux-ipv6.org
Subject: Re: [PATCH v1] net/ipv4/nexthop: check the return value of
nexthop_find_by_id()
On 9/17/22 2:29 AM, Nikolay Aleksandrov wrote:
> On 17/09/2022 05:30, Li Zhong wrote:
>> Check the return value of nexthop_find_by_id(), which could be NULL on
>> when not found. So we check to avoid null pointer dereference.
>>
>> Signed-off-by: Li Zhong <floridsleeves@...il.com>
>> ---
>> net/ipv4/nexthop.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/net/ipv4/nexthop.c b/net/ipv4/nexthop.c
>> index 853a75a8fbaf..9f91bb78eed5 100644
>> --- a/net/ipv4/nexthop.c
>> +++ b/net/ipv4/nexthop.c
>> @@ -2445,6 +2445,10 @@ static struct nexthop *nexthop_create_group(struct net *net,
>> struct nh_info *nhi;
>>
>> nhe = nexthop_find_by_id(net, entry[i].id);
>> + if (!nhe) {
>> + err = -EINVAL;
>> + goto out_no_nh;
>> + }
>> if (!nexthop_get(nhe)) {
>> err = -ENOENT;
>> goto out_no_nh;
>
> These are validated in nh_check_attr_group() and should exist at this point.
> Since remove_nexthop() should run under rtnl I don't see a way for a nexthop
> to disappear after nh_check_attr_group() and before nexthop_create_group().
>
exactly. That lookup can't fail because the ids have been validated and
all of this is under rtnl preventing nexthop removes.
Powered by blists - more mailing lists