
[net-next] tipc: check nl sock before parsing nested attributes

Message ID 1463390094-9235-1-git-send-email-richard.alpe@ericsson.com
State Accepted, archived
Delegated to: David Miller

Commit Message

Richard Alpe May 16, 2016, 9:14 a.m. UTC
Make sure the socket for which the user is listing publication exists
before parsing the socket netlink attributes.

Prior to this patch a call without any socket caused a NULL pointer
dereference in tipc_nl_publ_dump().

Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com>
Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
---
 net/tipc/socket.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

Jon Maloy May 16, 2016, 2:06 p.m. UTC | #1
This is a serious bug, so it should be posted to net, not net-next.

Otherwise,
Acked-by: Jon Maloy <jon.maloy@ericsson.cm>

///jon

> -----Original Message-----
> From: Richard Alpe [mailto:richard.alpe@ericsson.com]
> Sent: Monday, 16 May, 2016 05:15
> To: netdev@vger.kernel.org
> Cc: sploving1@gmail.com; tipc-discussion@lists.sourceforge.net;
> eric.dumazet@gmail.com
> Subject: [tipc-discussion] [PATCH net-next] tipc: check nl sock before parsing
> nested attributes
> 
> Make sure the socket for which the user is listing publication exists
> before parsing the socket netlink attributes.
> 
> Prior to this patch a call without any socket caused a NULL pointer
> dereference in tipc_nl_publ_dump().
> 
> Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com>
> Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
> ---
>  net/tipc/socket.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/net/tipc/socket.c b/net/tipc/socket.c
> index 1262889..3b7a799 100644
> --- a/net/tipc/socket.c
> +++ b/net/tipc/socket.c
> @@ -2853,6 +2853,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct
> netlink_callback *cb)
>  		if (err)
>  			return err;
> 
> +		if (!attrs[TIPC_NLA_SOCK])
> +			return -EINVAL;
> +
>  		err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
>  				       attrs[TIPC_NLA_SOCK],
>  				       tipc_nl_sock_policy);
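Review bot: The commit message has no Fixes: tag naming the commit that introduced the unchecked use of attrs[TIPC_NLA_SOCK] in tipc_nl_publ_dump(). The description says the missing check caused a NULL pointer dereference, so a Fixes: line would tell backporters which trees need these three added lines in net/tipc/socket.c.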
> --
> 2.1.4
> 
> 
Eric Dumazet May 16, 2016, 3:07 p.m. UTC | #2
On Mon, 2016-05-16 at 14:06 +0000, Jon Maloy wrote:
> This is a serious bug, so it should be posted to net, not net-next.
> 
> Otherwise,
> Acked-by: Jon Maloy <jon.maloy@ericsson.cm>

Well, linux-4.6 is out, so it does not really matter.

Next push from David will use his net-next tree.

Thanks.
David Miller May 17, 2016, 1:59 a.m. UTC | #3
From: Richard Alpe <richard.alpe@ericsson.com>
Date: Mon, 16 May 2016 11:14:54 +0200

> Make sure the socket for which the user is listing publication exists
> before parsing the socket netlink attributes.
> 
> Prior to this patch a call without any socket caused a NULL pointer
> dereference in tipc_nl_publ_dump().
> 
> Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com>
> Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>

Applied and queued up for -stable.

Patch

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 1262889..3b7a799 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2853,6 +2853,9 @@  int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb)
 		if (err)
 			return err;
 
+		if (!attrs[TIPC_NLA_SOCK])
+			return -EINVAL;
+
 		err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
 				       attrs[TIPC_NLA_SOCK],
 				       tipc_nl_sock_policy);
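Review bot: The added test at if (!attrs[TIPC_NLA_SOCK]) covers only the outer container attribute, not the nested attributes parsed into sock[]. nla_parse_nested() leaves every sock[] slot the sender did not supply as NULL, so any sock[...] entry read after this call needs its own NULL test before use. The context here ends at the nla_parse_nested() call, so please confirm that the lines that follow check err and the nested attribute they consume, returning -EINVAL in the same way.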