From patchwork Thu May 15 07:07:54 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffen Klassert X-Patchwork-Id: 349073 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3EE611400D4 for ; Thu, 15 May 2014 17:08:16 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754063AbaEOHIK (ORCPT ); Thu, 15 May 2014 03:08:10 -0400 Received: from a.mx.secunet.com ([195.81.216.161]:44773 "EHLO a.mx.secunet.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753792AbaEOHIJ (ORCPT ); Thu, 15 May 2014 03:08:09 -0400 Received: from localhost (alg1 [127.0.0.1]) by a.mx.secunet.com (Postfix) with ESMTP id CAF311A00BC; Thu, 15 May 2014 09:08:08 +0200 (CEST) X-Virus-Scanned: by secunet Received: from a.mx.secunet.com ([127.0.0.1]) by localhost (a.mx.secunet.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id OMNiRs45ufx2; Thu, 15 May 2014 09:08:03 +0200 (CEST) Received: from mail-gw-int (unknown [10.53.40.207]) by a.mx.secunet.com (Postfix) with ESMTP id 9F5FD1A00B1; Thu, 15 May 2014 09:08:03 +0200 (CEST) Received: from [10.53.40.204] (port=47378 helo=mail-essen-01.secunet.de) by mail-gw-int with esmtp (Exim 4.80 #2 (Debian)) id 1Wkplr-0006om-0s; Thu, 15 May 2014 09:08:03 +0200 Received: from gauss.dd.secunet.de (10.182.7.102) by mail-essen-01.secunet.de (10.53.40.204) with Microsoft SMTP Server id 14.3.181.6; Thu, 15 May 2014 09:08:02 +0200 Received: by gauss.dd.secunet.de (Postfix, from userid 1000) id A9DFD5C0748; Thu, 15 May 2014 09:08:01 +0200 (CEST) From: Steffen Klassert To: David Miller CC: Herbert Xu , Steffen Klassert , Subject: [PATCH 4/6] xfrm6: Properly handle unsupported protocols Date: Thu, 15 May 2014 09:07:54 +0200 Message-ID: <1400137676-27565-5-git-send-email-steffen.klassert@secunet.com> X-Mailer: git-send-email 1.7.9.5 In-Reply-To: <1400137676-27565-1-git-send-email-steffen.klassert@secunet.com> References: <1400137676-27565-1-git-send-email-steffen.klassert@secunet.com> MIME-Version: 1.0 X-Originating-IP: [10.182.7.102] Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org We don't catch the case if an unsupported protocol is submitted to the xfrm6 protocol handlers, this can lead to NULL pointer dereferences. Fix this by adding the appropriate checks. Fixes: 7e14ea15 ("xfrm6: Add IPsec protocol multiplexer") Signed-off-by: Steffen Klassert --- net/ipv6/xfrm6_protocol.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/net/ipv6/xfrm6_protocol.c b/net/ipv6/xfrm6_protocol.c index 6ab989c..54d13f8 100644 --- a/net/ipv6/xfrm6_protocol.c +++ b/net/ipv6/xfrm6_protocol.c @@ -50,6 +50,10 @@ int xfrm6_rcv_cb(struct sk_buff *skb, u8 protocol, int err) { int ret; struct xfrm6_protocol *handler; + struct xfrm6_protocol __rcu **head = proto_handlers(protocol); + + if (!head) + return 0; for_each_protocol_rcu(*proto_handlers(protocol), handler) if ((ret = handler->cb_handler(skb, err)) <= 0) @@ -184,10 +188,12 @@ int xfrm6_protocol_register(struct xfrm6_protocol *handler, struct xfrm6_protocol __rcu **pprev; struct xfrm6_protocol *t; bool add_netproto = false; - int ret = -EEXIST; int priority = handler->priority; + if (!proto_handlers(protocol) || !netproto(protocol)) + return -EINVAL; + mutex_lock(&xfrm6_protocol_mutex); if (!rcu_dereference_protected(*proto_handlers(protocol), @@ -230,6 +236,9 @@ int xfrm6_protocol_deregister(struct xfrm6_protocol *handler, struct xfrm6_protocol *t; int ret = -ENOENT; + if (!proto_handlers(protocol) || !netproto(protocol)) + return -EINVAL; + mutex_lock(&xfrm6_protocol_mutex); for (pprev = proto_handlers(protocol);