Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp6135509yba;
        Wed, 1 May 2019 06:43:16 -0700 (PDT)
X-Google-Smtp-Source: APXvYqx/yG7B1/U2plmy068Cl44S5m+r85+D0G3uy5OP8QLUhlUhOf0aeZo+oFhRXJ/bYgzH4yBF
X-Received: by 2002:a17:902:8bca:: with SMTP id r10mr31690876plo.67.1556718196457;
        Wed, 01 May 2019 06:43:16 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556718196; cv=none;
        d=google.com; s=arc-20160816;
        b=XuKgJHTBlArn59M/zjBGr8mTgCtQbypx+P1uotmCjTaNftVq26g6//n4AOgrdGzyN/
         p8aT+PI6swl9ZqYKCZL69VB9OO6g4Rtrkhp0pWnBDOl8C6FGvP5doJdI9t2mCHESYAo2
         g2kprHpXNo2HLIwnoL5/qjyAk8Q3xeljyeFE/mVAj2d8jX+5AqBTfyZhIYzb8+UvAR/Y
         PiFbJi7MRWCk2v0OVTtmVr9jL9kNNjbQzSLUzSoXiB0eBf6rPAz0w3unipVnrLvHJQwW
         aqZxONAFCSr/8UfA3oElYXZxMNFCcACoTyn9uq186Ytrwon5HSV7IxXwSnXi0V9CeB/N
         5ugg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=MED1EgLnChJuXSaPCXZacnLx+y6UDtHeMwLWh4cQ16I=;
        b=pyt2MRQgzETBkd9Yo5+laWp2w61+yToHlpSGrZSGiAW3Ck3DStwPclfGzIfFMpwAeS
         t75VkpuM0Fn+QfyNjgO+mtatTdfPmFHJuTx3vmMyz3swpMbplDfIpo/JL7I/8q0BoWwF
         3LXD6E1KnvxPg4vSfSjbqnVM8DMBg2QzEo2uNPIywkFXViKcnjHCUhap9GDXQawzD11G
         hczBoNBPPJ8ngIo+/HDjjzvZlllEf2qneOy4wPo/kcZprFoYAQ0k5Tpvq6YdnOx22W9P
         SOT4ZQwoAV7Z/dd3qsbi7H89h2L3KX+CkYqLbjXD60LX6QbsTn0fDd6mUP/3ulLJGIQP
         HSiQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id w8si38618183pgr.529.2019.05.01.06.43.00;
        Wed, 01 May 2019 06:43:16 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726480AbfEANmI (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Wed, 1 May 2019 09:42:08 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:47651 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1726010AbfEANmI (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 1 May 2019 09:42:08 -0400
Received: from 1.general.cking.uk.vpn ([10.172.193.212] helo=localhost)
        by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32)
        (Exim 4.76)
        (envelope-from <colin.king@canonical.com>)
        id 1hLpUp-000820-OF; Wed, 01 May 2019 13:42:03 +0000
From:   Colin King <colin.king@canonical.com>
To:     Pravin B Shelar <pshelar@ovn.org>,
        "David S . Miller" <davem@davemloft.net>, netdev@vger.kernel.org,
        dev@openvswitch.org
Cc:     kernel-janitors@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH][next] openvswitch: check for null pointer return from nla_nest_start_noflag
Date:   Wed,  1 May 2019 14:41:58 +0100
Message-Id: <20190501134158.15307-1-colin.king@canonical.com>
X-Mailer: git-send-email 2.20.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Colin Ian King <colin.king@canonical.com>

The call to nla_nest_start_noflag can return null in the unlikely
event that nla_put returns -EMSGSIZE.  Check for this condition to
avoid a null pointer dereference on pointer nla_reply.

Addresses-Coverity: ("Dereference null return value")
Fixes: 11efd5cb04a1 ("openvswitch: Support conntrack zone limit")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
 net/openvswitch/conntrack.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
index c4128082f88b..333ec5f298fe 100644
--- a/net/openvswitch/conntrack.c
+++ b/net/openvswitch/conntrack.c
@@ -2175,6 +2175,10 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb, struct genl_info *info)
 		return PTR_ERR(reply);
 
 	nla_reply = nla_nest_start_noflag(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT);
+	if (!nla_reply) {
+		err = -EMSGSIZE;
+		goto exit_err;
+	}
 
 	if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) {
 		err = ovs_ct_limit_get_zone_limit(
-- 
2.20.1