Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp682375ybm; Tue, 21 May 2019 01:31:56 -0700 (PDT) X-Google-Smtp-Source: APXvYqy/n6JtaUmRiqmGE+bd/p/7B/BmFsEAUWvQERxx7D5UQyHIGlm84OuEeDhRlRjpTdH98Hed X-Received: by 2002:a17:902:bd46:: with SMTP id b6mr19897261plx.173.1558427515933; Tue, 21 May 2019 01:31:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558427515; cv=none; d=google.com; s=arc-20160816; b=Q1L05wqayvp5KMb5xj03ZaTdN6lSdyf0MJ2YOGm2Szvlku5vOFdqog/F/EcIjw/plo FWeCH8m3+5pKWbDMAS5CJlGucJcQ+GFuyne4g01JtiZOdZNFh4I5BJxV6dlYqGIYEqn+ 64I/UrytkloyUAYgMGv5rlUg7UK6agbouUU1tKAS3v92ZZEVRxBr7z9rs5YgiK3s30bB +9V5fU1T7p08uWtzvnV+50t/e477WBx6k9IEwGRaJ/xF/B3cmmVdnGVJuUQzQmTZLkh3 DzMct/X7/GiextT2uZSukvB9gexugD6r7KFXr1LEHdhCrVg8DU+VbSyvDSQZv5okDX54 rQOg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=9qeftURaw9bNNJSJoi031v74IuX9clV0memLNOVE3Es=; b=IkXmbJZhG+BKo6cpBM6XCFBuvxZkuvZrT72JJRcwyFLYXJ3Eyb4Qe3Yfdbd5Q7ysuN N0CtLjmrsdaLnU6wEa55Cq5MCW7i2XCDa/5X/6Ev5hTPqLzbVNsVz7LlpG6byW8bMJVz vpe9fb95crULfheRf7JmaCBR3SqmJZwTEjkg/JWT29rhp63IZdv9u9R7KV/GwzGzN+hS 3914mndg+NMUb+Q/8nlKGaTT1kFNOSkv0QLi0T5kQOpYszZRStcVMDaklD2E6/0YqZUg 8LbMNyoXrXT9U2Ham0CZQEMK6IWvmPDuDhR9IMlkCcMbVzRHUwZ69l1UY4c7XFtNyaKo 1CYw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="uSPF/Pby"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e15si21000171pge.578.2019.05.21.01.31.40; Tue, 21 May 2019 01:31:55 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b="uSPF/Pby"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726461AbfEUIae (ORCPT + 99 others); Tue, 21 May 2019 04:30:34 -0400 Received: from mail-pf1-f193.google.com ([209.85.210.193]:45067 "EHLO mail-pf1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726138AbfEUIad (ORCPT ); Tue, 21 May 2019 04:30:33 -0400 Received: by mail-pf1-f193.google.com with SMTP id s11so8673608pfm.12 for ; Tue, 21 May 2019 01:30:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=9qeftURaw9bNNJSJoi031v74IuX9clV0memLNOVE3Es=; b=uSPF/Pbyn+gaKgyHyihhk4/QO+kCcO9zv2D9HXhLuWw/IUkeMEokUMFdhM/3wSWCOA J2pEYb/1WHNiM4jKeduto620LmTNYagArXmPSlM5m7bk2nea32vh5GsQwcOvsVZdyste c/xbU6cC57XLLi2i8GDsQMRLP6ltxWBy3csXX5Y912vgu0dOySTbPwUZgaMuyx7gYKUs oHxV1FUbKkmRhbBl//I2PCXdq57SMkr0i7W64c57B6LLJRjUrLERnSRLh6KtVoL74L/A B3W/r0yovHT4X4bMg0XqO1J8tIMwOXwv8Zk4RQC3VXK35Ins0SH4rCYqmZ3zvHt2E23I 2B8g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=9qeftURaw9bNNJSJoi031v74IuX9clV0memLNOVE3Es=; b=Kqh/Sxy4TjH/PzWakmj4pxvPjNsR8MkfbMpAirZuVWLuF9jVC6Cj6Vi8QEvaAKQpvY m4ascN4ZYA8+azQ8DHB5dsCvsblZH3sxEwmMCylW5c3uLSN13WXrBUNViKm5naeJ9905 7cvEsrzHrH4z+DVkigUaDupwgHnyH9KT9MgkkPnUc+opB92VZ+Tz26n7Ylk5Jj312Z5W sxpsld9givNN7xBa25uT4nP93UctcJQMv2VQEiL1XV8zHI6vAvdC3thS5Y71HaGhj8PA 0SH5jABpvp1LVHeZjqdGrFxcRFl1XovsmGXRaLtNNCcvx51KQgReJg252RjBMiPqd6cQ VACQ== X-Gm-Message-State: APjAAAV7W5MyrZN5Q/81zkOpPfI4pV3mNH9jY7auwuuxd9OPjxLoES22 wrfCBSZc2lzSQ/4YxSlVJvw= X-Received: by 2002:a63:27c3:: with SMTP id n186mr76908898pgn.189.1558427433316; Tue, 21 May 2019 01:30:33 -0700 (PDT) Received: from zhanggen-UX430UQ ([66.42.35.75]) by smtp.gmail.com with ESMTPSA id t25sm33432031pfq.91.2019.05.21.01.30.24 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 May 2019 01:30:32 -0700 (PDT) Date: Tue, 21 May 2019 16:30:17 +0800 From: Gen Zhang To: songliubraving@fb.com Cc: linux-kernel@vger.kernel.org Subject: [PATCH] ip_sockglue: Fix a missing-check bug in net/ipv4/ip_sockglue.c Message-ID: <20190521083017.GH5263@zhanggen-UX430UQ> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In function ip_ra_control(), the pointer new_ra is allocated a memory space via kmalloc(). And it is used in the following codes. However, when there is a memory allocation error, kmalloc() fails. Thus null pointer dereference may happen. And it will cause the kernel to crash. Therefore, we should check the return value and handle the error. Signed-off-by: Gen Zhang --- diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 82f341e..d445839 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -343,6 +343,8 @@ int ip_ra_control(struct sock *sk, unsigned char on, return -EINVAL; new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; + if (!new_ra) + return -ENOMEM; mutex_lock(&net->ipv4.ra_mutex); for (rap = &net->ipv4.ra_chain;