From patchwork Fri Jan 12 06:31:18 2018
X-Patchwork-Submitter: Eric Dumazet
X-Patchwork-Id: 859525
X-Patchwork-Delegate: davem@davemloft.net
Message-ID: <1515738678.131759.33.camel@gmail.com>
Subject: [PATCH net] ipv6: ip6_make_skb() needs to clear cork.base.dst
From: Eric Dumazet
To: David Miller
Cc: netdev, Mike Maloney
Date: Thu, 11 Jan 2018 22:31:18 -0800
X-Mailing-List: netdev@vger.kernel.org

From: Eric Dumazet

In my last patch, I missed the fact that cork.base.dst was not initialized
in ip6_make_skb() :

If ip6_setup_cork() returns an error, we might attempt a dst_release()
on some random pointer.

Fixes: 862c03ee1deb ("ipv6: fix possible mem leaks in ipv6_make_skb()")
Signed-off-by: Eric Dumazet
Reported-by: syzbot
---
 net/ipv6/ip6_output.c |    1 +
 1 file changed, 1 insertion(+)
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 688ba5f7516b37c87b879036dce781bdcfa01739..78a774e7af12b5725577fb4aa3c917af2e171a8d 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -1733,6 +1733,7 @@ struct sk_buff *ip6_make_skb(struct sock *sk, cork.base.flags = 0; cork.base.addr = 0; cork.base.opt = NULL; + cork.base.dst = NULL; v6_cork.opt = NULL; err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6); if (err) {
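
Review bot: the member-by-member setup ahead of ip6_setup_cork() (cork.base.flags, cork.base.addr, cork.base.opt, and now cork.base.dst) is the pattern that let dst reach the `if (err)` path uninitialized, and it will do the same for any member added later. Consider clearing cork.base in one step before the call, for example memset(&cork.base, 0, sizeof(cork.base)), so every pointer the error path may release is NULL by construction. If the individual stores are deliberate, a one-line comment above `cork.base.dst = NULL;` saying that the error path does a dst_release() on it would keep the line from being dropped in a later cleanup.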