diff mbox series

[net] net: sched: act_tunnel_key: fix NULL pointer dereference during init

Message ID 20190225152827.8741-1-vladbu@mellanox.com
State Accepted
Delegated to: David Miller
Headers show
Series [net] net: sched: act_tunnel_key: fix NULL pointer dereference during init | expand

Commit Message

Vlad Buslov Feb. 25, 2019, 3:28 p.m. UTC 
Metadata pointer is only initialized for action TCA_TUNNEL_KEY_ACT_SET, but
it is unconditionally dereferenced in tunnel_key_init() error handler.
Verify that metadata pointer is not NULL before dereferencing it in
tunnel_key_init error handling code.

Fixes: ee28bb56ac5b ("net/sched: fix memory leak in act_tunnel_key_init()")
Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
---
 net/sched/act_tunnel_key.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

Davide Caratti Feb. 25, 2019, 3:36 p.m. UTC | #1 
On Mon, 2019-02-25 at 17:28 +0200, Vlad Buslov wrote:
> Metadata pointer is only initialized for action TCA_TUNNEL_KEY_ACT_SET, but
> it is unconditionally dereferenced in tunnel_key_init() error handler.
> Verify that metadata pointer is not NULL before dereferencing it in
> tunnel_key_init error handling code.
> 
> Fixes: ee28bb56ac5b ("net/sched: fix memory leak in act_tunnel_key_init()")
> Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
> ---
>  net/sched/act_tunnel_key.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/sched/act_tunnel_key.c b/net/sched/act_tunnel_key.c
> index 8b43fe0130f7..3f943de9a2c9 100644
> --- a/net/sched/act_tunnel_key.c
> +++ b/net/sched/act_tunnel_key.c
> @@ -377,7 +377,8 @@ static int tunnel_key_init(struct net *net, struct nlattr *nla,
>  	return ret;
>  
>  release_tun_meta:
> -	dst_release(&metadata->dst);
> +	if (metadata)
> +		dst_release(&metadata->dst);
>  
>  err_out:
>  	if (exists)

Reviewed-by: Davide Caratti <dcaratti@redhat.com>
David Miller Feb. 25, 2019, 6:16 p.m. UTC | #2 
From: Vlad Buslov <vladbu@mellanox.com>
Date: Mon, 25 Feb 2019 17:28:27 +0200

> Metadata pointer is only initialized for action TCA_TUNNEL_KEY_ACT_SET, but
> it is unconditionally dereferenced in tunnel_key_init() error handler.
> Verify that metadata pointer is not NULL before dereferencing it in
> tunnel_key_init error handling code.
> 
> Fixes: ee28bb56ac5b ("net/sched: fix memory leak in act_tunnel_key_init()")
> Signed-off-by: Vlad Buslov <vladbu@mellanox.com>

Applied and queued up for -stable.
diff mbox series

Patch

diff --git a/net/sched/act_tunnel_key.c b/net/sched/act_tunnel_key.c
index 8b43fe0130f7..3f943de9a2c9 100644
--- a/net/sched/act_tunnel_key.c
+++ b/net/sched/act_tunnel_key.c
@@ -377,7 +377,8 @@  static int tunnel_key_init(struct net *net, struct nlattr *nla,
 	return ret;
 
 release_tun_meta:
-	dst_release(&metadata->dst);
+	if (metadata)
+		dst_release(&metadata->dst);
 
 err_out:
 	if (exists)