| Message ID | 20180718161216.27820-2-sthemmin@microsoft.com |
|---|---|
| State | Not Applicable |
| Headers | show |
| Series | openvswitch tests for nla_nest_start | expand |
On Wed, Jul 18, 2018 at 9:12 AM, Stephen Hemminger <stephen@networkplumber.org> wrote: > The call to nla_nest_start in conntrack can lead to a NULL > return so it's possible for attr to become NULL and we can potentially > get a NULL pointer dereference on attr. Fix this by checking for > a NULL return. > > Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200533 > Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit") > Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> > --- > net/openvswitch/conntrack.c | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c > index 284aca2a252d..2e316f641df8 100644 > --- a/net/openvswitch/conntrack.c > +++ b/net/openvswitch/conntrack.c > @@ -2132,6 +2132,8 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb, struct genl_info *info) > return PTR_ERR(reply); > > nla_reply = nla_nest_start(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT); > + if (!nla_reply) > + return PRT_ERR(-EMSGSIZE); > > if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) { > err = ovs_ct_limit_get_zone_limit( > -- Acked-by: Pravin B Shelar <pshelar@ovn.org> Thanks.
diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c index 284aca2a252d..2e316f641df8 100644 --- a/net/openvswitch/conntrack.c +++ b/net/openvswitch/conntrack.c @@ -2132,6 +2132,8 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb, struct genl_info *info) return PTR_ERR(reply); nla_reply = nla_nest_start(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT); + if (!nla_reply) + return PRT_ERR(-EMSGSIZE); if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) { err = ovs_ct_limit_get_zone_limit(
The call to nla_nest_start in conntrack can lead to a NULL return so it's possible for attr to become NULL and we can potentially get a NULL pointer dereference on attr. Fix this by checking for a NULL return. Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=200533 Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit") Signed-off-by: Stephen Hemminger <stephen@networkplumber.org> --- net/openvswitch/conntrack.c | 2 ++ 1 file changed, 2 insertions(+)