Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1427622AbdDWG3b (ORCPT <rfc822;w@1wt.eu>);
        Sun, 23 Apr 2017 02:29:31 -0400
Received: from m50-134.163.com ([123.125.50.134]:41077 "EHLO m50-134.163.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S933481AbdDWG31 (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sun, 23 Apr 2017 02:29:27 -0400
From: Pan Bian <bianpan2016@163.com>
To: "David S. Miller" <davem@davemloft.net>
Cc: David Ahern <dsa@cumulusnetworks.com>,
        Roopa Prabhu <roopa@cumulusnetworks.com>,
        Alexei Starovoitov <ast@kernel.org>,
        David Lebrun <david.lebrun@uclouvain.be>,
        Tom Herbert <tom@herbertland.com>,
        Robert Shearman <rshearma@brocade.com>, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org, Pan Bian <bianpan2016@163.com>
Subject: [PATCH 1/1] lwtunnel: check return value of nla_nest_start
Date: Sun, 23 Apr 2017 14:28:37 +0800
Message-Id: <1492928917-25628-1-git-send-email-bianpan2016@163.com>
X-Mailer: git-send-email 1.9.1
X-CM-TRANSID: DtGowAC3Qh2VSfxYyRrfAA--.257S3
X-Coremail-Antispam: 1Uf129KBjvdXoW7Jw4xAFyUWFykZry7Kr48WFg_yoWfJwb_Za
        sagFZ7uwn5JFy7Aw1Sk3yfAr9aqFyUur18Xa1xKr9rCrn0y34DKwn7Ary5Gryxur4xW345
        Gwn0yayrtF4jvjkaLaAFLSUrUUUUUb8apTn2vfkv8UJUUUU8Yxn0WfASr-VFAUDa7-sFnT
        9fnUUvcSsGvfC2KfnxnUUI43ZEXa7IU1ItC3UUUUU==
X-Originating-IP: [123.118.194.153]
X-CM-SenderInfo: held01tdqsiiqw6rljoofrz/xtbBZBjCclQG8TYR4AAAso
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 821
Lines: 26

Function nla_nest_start() may return a NULL pointer on error. However,
in function lwtunnel_fill_encap(), the return value of nla_nest_start()
is not validated before it is used. This patch checks the return value
of nla_nest_start() against NULL.

Signed-off-by: Pan Bian <bianpan2016@163.com>
---
 net/core/lwtunnel.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c
index 6df9f8f..3471ce7 100644
--- a/net/core/lwtunnel.c
+++ b/net/core/lwtunnel.c
@@ -216,6 +216,8 @@ int lwtunnel_fill_encap(struct sk_buff *skb, struct lwtunnel_state *lwtstate)
 
 	ret = -EOPNOTSUPP;
 	nest = nla_nest_start(skb, RTA_ENCAP);
+	if (!nest)
+		goto nla_put_failure;
 	rcu_read_lock();
 	ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
 	if (likely(ops && ops->fill_encap))
-- 
1.9.1