Patchwork ip6_tunnel: fix potential NULL pointer dereference

Submitter Susant Sahani
Date May 9, 2014, 6:41 p.m.
Message ID <1399660892-19008-1-git-send-email-susant@redhat.com>
Permalink /patch/347293/
State Accepted
Delegated to: David Miller

Comments

David Miller - May 9, 2014, 5:12 p.m.
From: Susant Sahani <susant@redhat.com>
Date: Sat, 10 May 2014 00:11:32 +0530

> The function ip6_tnl_validate assumes that the rtnl
> attribute IFLA_IPTUN_PROTO is always filled. If this
> attribute is not filled by the userspace application,
> the kernel crashes with a NULL pointer dereference. This
> patch fixes the potential kernel crash when
> IFLA_IPTUN_PROTO is missing.
> 
> Signed-off-by: Susant Sahani <susant@redhat.com>
> Acked-by: Thomas Graf <tgraf@suug.ch>

You really need to fix the date on your computer, it was not
Saturday May 10th when you submitted this patch.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
David Miller - May 9, 2014, 5:19 p.m.
From: Susant Sahani <susant@redhat.com>
Date: Fri, 09 May 2014 22:47:28 +0530

> On 05/09/2014 10:42 PM, David Miller wrote:
>> From: Susant Sahani <susant@redhat.com>
>> Date: Sat, 10 May 2014 00:11:32 +0530
>>
>>> The function ip6_tnl_validate assumes that the rtnl
>>> attribute IFLA_IPTUN_PROTO is always filled. If this
>>> attribute is not filled by the userspace application,
>>> the kernel crashes with a NULL pointer dereference. This
>>> patch fixes the potential kernel crash when
>>> IFLA_IPTUN_PROTO is missing.
>>>
>>> Signed-off-by: Susant Sahani <susant@redhat.com>
>>> Acked-by: Thomas Graf <tgraf@suug.ch>
>> You really need to fix the date on your computer, it was not
>> Saturday May 10th when you submitted this patch.
> Do you want me to resend it again?

It's not necessary this time, but just realize that this makes my work
harder because your patch looked like the most recent one submitted in
patchwork because the date was always newer than anything else being
submitted meanwhile.
Susant Sahani - May 9, 2014, 6:41 p.m.
The function ip6_tnl_validate assumes that the rtnl
attribute IFLA_IPTUN_PROTO is always filled. If this
attribute is not filled by the userspace application,
the kernel crashes with a NULL pointer dereference. This
patch fixes the potential kernel crash when
IFLA_IPTUN_PROTO is missing.

Signed-off-by: Susant Sahani <susant@redhat.com>
Acked-by: Thomas Graf <tgraf@suug.ch>
---
 net/ipv6/ip6_tunnel.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
David Miller - May 13, 2014, 4:27 a.m.
From: Susant Sahani <susant@redhat.com>
Date: Sat, 10 May 2014 00:11:32 +0530

> The function ip6_tnl_validate assumes that the rtnl
> attribute IFLA_IPTUN_PROTO is always filled. If this
> attribute is not filled by the userspace application,
> the kernel crashes with a NULL pointer dereference. This
> patch fixes the potential kernel crash when
> IFLA_IPTUN_PROTO is missing.
> 
> Signed-off-by: Susant Sahani <susant@redhat.com>
> Acked-by: Thomas Graf <tgraf@suug.ch>

Applied and queued up for -stable, thanks.

Patch

diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index b05b609..f6a66bb 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -1557,7 +1557,7 @@  static int ip6_tnl_validate(struct nlattr *tb[], struct nlattr *data[])
 {
 	u8 proto;
 
-	if (!data)
+	if (!data || !data[IFLA_IPTUN_PROTO])
 		return 0;
 
 	proto = nla_get_u8(data[IFLA_IPTUN_PROTO]);
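
Review bot: the added `!data[IFLA_IPTUN_PROTO]` test shares the existing `return 0`, so in ip6_tnl_validate a request that omits the attribute is reported as valid rather than rejected. If accepting a missing IFLA_IPTUN_PROTO is intended, say so in a short comment above the `if` or in the commit message, and confirm that any other code reading data[IFLA_IPTUN_PROTO] tests it for NULL before calling nla_get_u8() on it, since this hunk guards only the read on the following line.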