From patchwork Mon Jan 28 01:18:34 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Horman <horms@verge.net.au>
X-Patchwork-Id: 216087
Return-Path: <netfilter-devel-owner@vger.kernel.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 2F8D52C0092
	for <incoming@patchwork.ozlabs.org>;
	Mon, 28 Jan 2013 12:19:11 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757184Ab3A1BSr (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);
	Sun, 27 Jan 2013 20:18:47 -0500
Received: from kirsty.vergenet.net ([202.4.237.240]:41685 "EHLO
	kirsty.vergenet.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1756930Ab3A1BSp (ORCPT
	<rfc822;netfilter-devel@vger.kernel.org>);
	Sun, 27 Jan 2013 20:18:45 -0500
Received: from ayumi.akashicho.tokyo.vergenet.net
	(p8120-ipbfp1001kobeminato.hyogo.ocn.ne.jp [118.10.137.120])
	by kirsty.vergenet.net (Postfix) with ESMTP id DE1A525BFB8;
	Mon, 28 Jan 2013 12:18:43 +1100 (EST)
Received: by ayumi.akashicho.tokyo.vergenet.net (Postfix, from userid 7100)
	id 55B19EDE166; Mon, 28 Jan 2013 10:18:37 +0900 (JST)
From: Simon Horman <horms@verge.net.au>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: lvs-devel@vger.kernel.org, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org, Wensong Zhang <wensong@linux-vs.org>,
	Julian Anastasov <ja@ssi.bg>,
	Hans Schillstrom <hans.schillstrom@ericsson.com>,
	Hans Schillstrom <hans@schillstrom.com>,
	Jesper Dangaard Brouer <brouer@redhat.com>,
	Dan Carpenter <dan.carpenter@oracle.com>,
	Simon Horman <horms@verge.net.au>
Subject: [PATCH] ipvs: freeing uninitialized pointer on error
Date: Mon, 28 Jan 2013 10:18:34 +0900
Message-Id: <1359335914-27325-2-git-send-email-horms@verge.net.au>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1359335914-27325-1-git-send-email-horms@verge.net.au>
References: <1359335914-27325-1-git-send-email-horms@verge.net.au>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <netfilter-devel.vger.kernel.org>
X-Mailing-List: netfilter-devel@vger.kernel.org

From: Dan Carpenter <dan.carpenter@oracle.com>

If state != IP_VS_STATE_BACKUP then tinfo->buf is uninitialized.  If
kthread_run() fails then it means we free random memory resulting in an
oops.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Signed-off-by: Simon Horman <horms@verge.net.au>
---
 net/netfilter/ipvs/ip_vs_sync.c |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index effa10c..44fd10c 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1795,6 +1795,8 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid)
 					     GFP_KERNEL);
 			if (!tinfo->buf)
 				goto outtinfo;
+		} else {
+			tinfo->buf = NULL;
 		}
 		tinfo->id = id;