diff options
Diffstat (limited to 'ipv6_sockglue-fix-missing-check-bug-in-ip6_ra_control.patch')
-rw-r--r-- | ipv6_sockglue-fix-missing-check-bug-in-ip6_ra_control.patch | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/ipv6_sockglue-fix-missing-check-bug-in-ip6_ra_control.patch b/ipv6_sockglue-fix-missing-check-bug-in-ip6_ra_control.patch new file mode 100644 index 000000000..e17fc80a6 --- /dev/null +++ b/ipv6_sockglue-fix-missing-check-bug-in-ip6_ra_control.patch @@ -0,0 +1,33 @@ +From 95baa60a0da80a0143e3ddd4d3725758b4513825 Mon Sep 17 00:00:00 2001 +From: Gen Zhang <blackgod016574@gmail.com> +Date: Fri, 24 May 2019 11:19:46 +0800 +Subject: ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() + +In function ip6_ra_control(), the pointer new_ra is allocated a memory +space via kmalloc(). And it is used in the following codes. However, +when there is a memory allocation error, kmalloc() fails. Thus null +pointer dereference may happen. And it will cause the kernel to crash. +Therefore, we should check the return value and handle the error. + +Signed-off-by: Gen Zhang <blackgod016574@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +--- + net/ipv6/ipv6_sockglue.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c +index 40f21fef25ff..0a3d035feb61 100644 +--- a/net/ipv6/ipv6_sockglue.c ++++ b/net/ipv6/ipv6_sockglue.c +@@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel) + return -ENOPROTOOPT; + + new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; ++ if (sel >= 0 && !new_ra) ++ return -ENOMEM; + + write_lock_bh(&ip6_ra_lock); + for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { +-- +cgit 1.2-0.3.lf.el7 + |