merge f29, rebase to 5.1kernel-5.1.6-250.vanilla.knurd.1.fc29

1 files changed, 33 insertions, 0 deletions

diff --git a/0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch b/0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch
new file mode 100644
index 000000000..de07ef732
--- /dev/null
+++ b/0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch
@@ -0,0 +1,33 @@
+From 425aa0e1d01513437668fa3d4a971168bbaa8515 Mon Sep 17 00:00:00 2001
+From: Gen Zhang <blackgod016574@gmail.com>
+Date: Fri, 24 May 2019 11:24:26 +0800
+Subject: [PATCH] ip_sockglue: Fix missing-check bug in ip_ra_control()
+
+In function ip_ra_control(), the pointer new_ra is allocated a memory
+space via kmalloc(). And it is used in the following codes. However,
+when  there is a memory allocation error, kmalloc() fails. Thus null
+pointer dereference may happen. And it will cause the kernel to crash.
+Therefore, we should check the return value and handle the error.
+
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ net/ipv4/ip_sockglue.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
+index 82f341e84fae..aa3fd61818c4 100644
+--- a/net/ipv4/ip_sockglue.c
++++ b/net/ipv4/ip_sockglue.c
+@@ -343,6 +343,8 @@ int ip_ra_control(struct sock *sk, unsigned char on,
+ 		return -EINVAL;
+
+ 	new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
++	if (on && !new_ra)
++		return -ENOMEM;
+
+ 	mutex_lock(&net->ipv4.ra_mutex);
+ 	for (rap = &net->ipv4.ra_chain;
+-- 
+2.21.0
+