Message ID | 20200703190656.2611535-1-matthieu.baerts@tessares.net |
---|---|
State | Accepted, archived |
Delegated to: | Matthieu Baerts |
Headers | show |
Series | [mptcp-next] diag: fix use-after-free Read in inet_diag_lock_handler | expand |
Hi Christoph, Paolo On 03/07/2020 21:06, Matthieu Baerts wrote: > From: Christoph Paasch <cpaasch@apple.com> > > Syzkaller reported this: > > (...) > > Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/44 > Signed-off-by: Christoph Paasch <cpaasch@apple.com> > Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net> Thank you for the patch and the review! Just applied: - 679d6f510486: "squashed" in "inet_diag: support for wider protocol numbers" - 2596401ff92a: "Signed-off-by" + "Co-developed-by" - 2740cccad3aa + 27bff9d83d8c + 1be53f1b75d5 + 098f1c381adc: tg:msg: signoff of the author at the end - 2051bf32b07e..0ec7680b7e39: result Tests + export are in progress. Cheers, Matt
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index a3a7ef3fada6..44a7c2dddd33 100644 --- a/net/ipv4/inet_diag.c +++ b/net/ipv4/inet_diag.c @@ -52,7 +52,7 @@ static DEFINE_MUTEX(inet_diag_table_mutex); static const struct inet_diag_handler *inet_diag_lock_handler(int proto) { - if (proto >= IPPROTO_MAX) + if (proto < 0 || proto >= IPPROTO_MAX) return ERR_PTR(-ENOENT); if (!inet_diag_table[proto])