| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220921181716.1629541-1-floridsleeves@gmail.com>
Date: Wed, 21 Sep 2022 11:17:16 -0700
From: Li Zhong <floridsleeves@...il.com>
To: netdev@...r.kernel.org
Cc: pabeni@...hat.com, kuba@...nel.org, edumazet@...gle.com,
davem@...emloft.net, Li Zhong <floridsleeves@...il.com>
Subject: [PATCH net-next v3] ethtool: tunnels: check the return value of nla_nest_start()
Check the return value of nla_nest_start(). When starting the entry
level nested attributes, if the tailroom of socket buffer is
insufficient to store the attribute header and payload, the return value
will be NULL. It will cause null pointer dereference when entry is used
in nla_nest_end().
Signed-off-by: Li Zhong <floridsleeves@...il.com>
---
net/ethtool/tunnels.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ethtool/tunnels.c b/net/ethtool/tunnels.c
index efde33536687..67fb414ca859 100644
--- a/net/ethtool/tunnels.c
+++ b/net/ethtool/tunnels.c
@@ -136,6 +136,8 @@ ethnl_tunnel_info_fill_reply(const struct ethnl_req_info *req_base,
goto err_cancel_table;
entry = nla_nest_start(skb, ETHTOOL_A_TUNNEL_UDP_TABLE_ENTRY);
+ if (!entry)
+ goto err_cancel_entry;
if (nla_put_be16(skb, ETHTOOL_A_TUNNEL_UDP_ENTRY_PORT,
htons(IANA_VXLAN_UDP_PORT)) ||
--
2.25.1
Powered by blists - more mailing lists