diff mbox series

[net] l2tp: check ps->sock before running pppol2tp_session_ioctl()

Message ID 520e39809f7ca7d8b38282e3a6bf0bbf93219541.1507915312.git.g.nault@alphalink.fr
State Accepted, archived
Delegated to: David Miller
Headers show
Series [net] l2tp: check ps->sock before running pppol2tp_session_ioctl() | expand

Commit Message

Guillaume Nault Oct. 13, 2017, 5:22 p.m. UTC 
When pppol2tp_session_ioctl() is called by pppol2tp_tunnel_ioctl(),
the session may be unconnected. That is, it was created by
pppol2tp_session_create() and hasn't been connected with
pppol2tp_connect(). In this case, ps->sock is NULL, so we need to check
for this case in order to avoid dereferencing a NULL pointer.

Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
---
 net/l2tp/l2tp_ppp.c | 3 +++
 1 file changed, 3 insertions(+)

Comments

David Miller Oct. 15, 2017, 1:39 a.m. UTC | #1 
From: Guillaume Nault <g.nault@alphalink.fr>
Date: Fri, 13 Oct 2017 19:22:35 +0200

> When pppol2tp_session_ioctl() is called by pppol2tp_tunnel_ioctl(),
> the session may be unconnected. That is, it was created by
> pppol2tp_session_create() and hasn't been connected with
> pppol2tp_connect(). In this case, ps->sock is NULL, so we need to check
> for this case in order to avoid dereferencing a NULL pointer.
> 
> Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
> Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>

Applied and queued up for -stable, thanks.
diff mbox series

Patch

diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index bc6e8bfc5be4..f50452b919d5 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -988,6 +988,9 @@  static int pppol2tp_session_ioctl(struct l2tp_session *session,
 		 session->name, cmd, arg);
 
 	sk = ps->sock;
+	if (!sk)
+		return -EBADR;
+
 	sock_hold(sk);
 
 	switch (cmd) {