Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp695784ybm; Tue, 21 May 2019 01:49:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqy6h0qVhMiSmfqb8u2YaU2ctKQNzMtb0xZFhb5t198tVzP4g4pBaXMpO0wXcbRFT5H3AiC5 X-Received: by 2002:a65:4b88:: with SMTP id t8mr80812700pgq.374.1558428571033; Tue, 21 May 2019 01:49:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558428571; cv=none; d=google.com; s=arc-20160816; b=q50gI+JV2wwCfufn9bTPORgbRTohohsEPXsCtuQQ75z0PZRY0Aitxxv2Jk+9MsuKyb DeZMmBy30f2u8UCPFh2WcngdG5fpX2zP8vuYZc0OlQbBkkNoxzZeGpuWob7GsT82XzSZ PcI4UB2UPQ8Ca9kxFFKpXeE2AXRF8NNM/NwKEJR7bzQ1FcvOumg0rS5pnYCl2D1dKjhL jZhG6afFFkULFhwrWNNwvmWsr+OIdCpwDPnEQnsdETliGdIMjGHA+HlzCur+pgCnTrce lENESLwTtRjhiVdeXkyXYFrmWFu5wx2jJ4zV6jlMkDygqX7f9mH4wQUKn7R4AX8n1RUo 4koQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=/46rsZ0TTMrZw/Frg4uFqjjAL1q6S8X5odognbNJDoY=; b=BwvYBpONrL/PbxE++11hKuldKg485v7pGtxfQUmsU0JG0QfPrlU1JF8XRKyesKgtF9 lUDPdwvjqcPQSAcvm6ALXdSno3fEG0mAGullUjMzUZB5gDGcges1Eduyxgyx6Tx79FOd BwUn3w9b3XfUT+MDG7M1ak8zbnmgo1HghIOn3Nwad04N3UXtfk1o3tp+JHJfbK8UTrMM R0vK4B1lbpEwuNu3dK9PXKbtT51WcizxnW0COcvomr1PT/BMroeh/WGSpYCLsCgw1+ps eB2RAndipEBmZXmxr2x08NL3PyH/lyM22E3zE5wWxafsEnXpsyGgZzZBKmT0rhNY4ySV t7hA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LzhMW9Ya; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p25si21397085pli.202.2019.05.21.01.49.15; Tue, 21 May 2019 01:49:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=LzhMW9Ya; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726766AbfEUIqV (ORCPT + 99 others); Tue, 21 May 2019 04:46:21 -0400 Received: from mail-pg1-f195.google.com ([209.85.215.195]:39078 "EHLO mail-pg1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726296AbfEUIqU (ORCPT ); Tue, 21 May 2019 04:46:20 -0400 Received: by mail-pg1-f195.google.com with SMTP id w22so8233282pgi.6 for ; Tue, 21 May 2019 01:46:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=/46rsZ0TTMrZw/Frg4uFqjjAL1q6S8X5odognbNJDoY=; b=LzhMW9YayLa5GY6/vmBvGp2kse5Fixy6Xsdk/iyVU62XdxrPJ0x5UvnjPxwfYgru5R 8UUw1s+oKunkhSYNIfLDSskfqkrQYRp32RDWmDJ4iLRW2fiA1n6ez9cBsKawuf38QHXb 5aC72kWzyFTVTJpiOG+Ev/6VPgn6PEHisMBF6TNEcCAHzbFGvyKQ0974b3U1VHakm5WL h9lHZzzQ3oFRlRARlJwWABqNrcU5clCp9+5Ulwo6fu7ujMDNFplHQ94wOgVlrYKqC6/c 85jzYTD8U9QC1xZ8KCmH45tzQB3e4IelUGSR/lBv9p5KYoyOFpf6UlKEEXp0sfVvWmmO yTOA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=/46rsZ0TTMrZw/Frg4uFqjjAL1q6S8X5odognbNJDoY=; b=cosmmsPeeCw+XKRs8zNzH5OaFCqTC2BtnhKdLeY08rNCVpT9JP6fl5FoJkSMYWps7A sb80dr9yoU8jg6Vii3YNBNttS4vjk9GPIWFPdUrMRg3jL0FwDUTbyKaC63/iAvi7Rs9r XkZ8iswtr/qp+zWgqracRSCp6fgdfbyfcEkt8ukMRpAs9PUvrSymP+xhiT9BMzfjse9Q zwG8AJXyMu0L6cvVRsDZcn5kIw1WL4HamOFewFKNzUIsDRMhsz09lK4prs3db0nBjFAN YnMCLFPl1L5HKOxshYhezbZoOVNukoZ/jwpoygPA5lK7lmhUplI2wRw55gYOivV+ovrR ebSA== X-Gm-Message-State: APjAAAXN4ERVz61x/xzNKA0szCjTw/1xK63UkVNYw1UKh0TH3LooVgz+ LWnqSOH7o9/nfSJ0XCAPdJa8GoYAmYQ= X-Received: by 2002:a62:5801:: with SMTP id m1mr49165659pfb.32.1558428380247; Tue, 21 May 2019 01:46:20 -0700 (PDT) Received: from zhanggen-UX430UQ ([66.42.35.75]) by smtp.gmail.com with ESMTPSA id s24sm24300431pfe.57.2019.05.21.01.46.14 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 May 2019 01:46:19 -0700 (PDT) Date: Tue, 21 May 2019 16:46:06 +0800 From: Gen Zhang To: davem@davemloft.net Cc: linux-kernel@vger.kernel.org Subject: [PATCH] ipv6_sockglue.c: Fix a missing-check bug in net/ipv6/ipv6_sockglue.c Message-ID: <20190521084152.GI5263@zhanggen-UX430UQ> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In function ip6_ra_control(), the pointer new_ra is allocated a memory space via kmalloc(). And it is used in the following codes. However, when there is a memory allocation error, kmalloc() fails. Thus null pointer dereference may happen. And it will cause the kernel to crash. Therefore, we should check the return value and handle the error. Signed-off-by: Gen Zhang --- diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 40f21fe..0a3d035 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel) return -ENOPROTOOPT; new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; + if (sel >= 0 && !new_ra) + return -ENOMEM; write_lock_bh(&ip6_ra_lock); for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {