Received: by 2002:a25:86ce:0:0:0:0:0 with SMTP id y14csp695999ybm; Tue, 21 May 2019 01:49:51 -0700 (PDT) X-Google-Smtp-Source: APXvYqzpQ32M1mp+1icC/GQpnNLgZrCegwljE5ZZ8+iKM3mEuinqBtj73fp7mpb1Wv2X+90hhvfk X-Received: by 2002:a65:4105:: with SMTP id w5mr81247660pgp.260.1558428591225; Tue, 21 May 2019 01:49:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1558428591; cv=none; d=google.com; s=arc-20160816; b=wozHFq+wsBkHAix/8zF3K/BTIzlNms9rlRz4Jv9Lz69/kys0xFlIg9xpL8z93n35wL P96gJ40d5fPrbQ/q8YBO2xCjI3E1Vx97QDthjYobCjCB5jfPijld1is66b4tImeDoyzJ Z+wLfBRT5OD6XUvRr1wWr1KPSLnvw5keSLxn/TqMjmJyNbHefha2P5U6BUBFaGUkQCaI VYtwawQZa8Aq9XSHAzqqQFIGjTZ+MXnXSfyls0nCkHyJjU96UYzfzKQG5WETOCw3UCeC ePWab3/e0labeuNSjQbv8Yh63UyChxfwu3VpOwgilA8AByIpxftcjvJIsVmkLK/Jwa5h Fnnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:content-disposition :mime-version:message-id:subject:cc:to:from:date:dkim-signature; bh=/3n9FVywoExtKHdkxZu9NrddyvBpvJrl+Pr5EEoKl20=; b=Y+s9r7cVOKps2caXOskksvFqAVwmfkgsddG9QcEnr7amKtlUAnb8qKb4vh1biY5mBD xdaRwalWkBDiNNKmdItOOlN7v25NlyWeySHdY2WflFporexIYLEErXz1wjn9T84QAuBR smZqbrQ9ROWkpxDVBwHWMrCxEoLTiL2UoGSytd8+8Mx3wxlXnL+Zlr23qqaVPEbPgAGe mFeOxQHEzNhm+5UyDV6A41wICEx5mfoKUl4qRAz/3Rv3DkZrWxRbfL4VK2dZYH2Bno+Q 2kNqhMeak/NzNHVyQil9RIMjBBlJx5Rr+8gvmNnsG01GAfI958iKnyIy/CqpbSOyrpKe k3Qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Tz3yE44r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id p7si21882646pfb.213.2019.05.21.01.49.36; Tue, 21 May 2019 01:49:51 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20161025 header.b=Tz3yE44r; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726829AbfEUIsO (ORCPT + 99 others); Tue, 21 May 2019 04:48:14 -0400 Received: from mail-pg1-f193.google.com ([209.85.215.193]:39230 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726247AbfEUIsO (ORCPT ); Tue, 21 May 2019 04:48:14 -0400 Received: by mail-pg1-f193.google.com with SMTP id w22so8235720pgi.6 for ; Tue, 21 May 2019 01:48:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=date:from:to:cc:subject:message-id:mime-version:content-disposition :user-agent; bh=/3n9FVywoExtKHdkxZu9NrddyvBpvJrl+Pr5EEoKl20=; b=Tz3yE44rwjDdVDy054fLpw6lLbkCNm8v+4v4WRdi7HoRGROYvZAAVe6VGaU+TDnaBn e4EswAaUkjmHxX2ej2XpsN3Nx2VKMx2Fk6CxEb2VS3I5LDzKwLjyv1mlmUk5hOamC4Fk dH2PEPRPu74RELke9sASWQ3y49bNheyKPzt+Lhqc2kOEEkqnADEOcIJ2xfqYymZt1m+9 xoT7sRFQC2cE02g+X2lrSNU6PBrbQNjsLpPq1x2OCIDhCUuIfkvly12AwzI2XE+3hjUm WBewInPSccdKBi1syGNTK/mCIu/g4qQBNuSakf6xJihvYpAIybdBPLl1Xo/oU1TxeSk0 7w0w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version :content-disposition:user-agent; bh=/3n9FVywoExtKHdkxZu9NrddyvBpvJrl+Pr5EEoKl20=; b=JgF1R2HPSIZvKwM+DCzDGSBgD5TA18miN1RFmVvP0v4znjSK9sWNcAogE1Ui+/wG/W SHbm3t81bi8RoHpkKmsm2xyyKn5EjV4fBzfL68ywlAqy7n0TzhW5tPItYQHNyBhpOmiM Qub+kAkIeXKLDOh7KdXBpAMQxrlv6ti2uuO554kbcY/ABGZHgPHBJPN7WkoO6XTZxDZ+ H11eA2KqMtQaxn1HhI0cLHzncjWermxjLkTGLKomglKKkWfAg4xldxxmSR0Mo8riNiYo hHS3slBrz2z7zIEbTfxprTZlKWqGhYEPaJhujUR/1yyNA/IZ9ojcf/l86vC2teKfIgsl ffvA== X-Gm-Message-State: APjAAAXwHMyDS1fIPaeopKkGQhEJ4etrWa1W5vhAbGPV+FmBOoPUpqAl fk+4vM3yKMzvYrHPZJpUDRPR1+6/rKA= X-Received: by 2002:a63:3190:: with SMTP id x138mr78794929pgx.402.1558428494022; Tue, 21 May 2019 01:48:14 -0700 (PDT) Received: from zhanggen-UX430UQ ([66.42.35.75]) by smtp.gmail.com with ESMTPSA id e5sm46062940pgh.35.2019.05.21.01.48.10 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 21 May 2019 01:48:13 -0700 (PDT) Date: Tue, 21 May 2019 16:47:59 +0800 From: Gen Zhang To: kuznet@ms2.inr.ac.ru Cc: linux-kernel@vger.kernel.org Subject: [PATCH] ip_sockglue: Fix a missing-check bug in net/ipv4/ip_sockglue.c Message-ID: <20190521084759.GJ5263@zhanggen-UX430UQ> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.24 (2015-08-30) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In function ip_ra_control(), the pointer new_ra is allocated a memory space via kmalloc(). And it is used in the following codes. However, when there is a memory allocation error, kmalloc() fails. Thus null pointer dereference may happen. And it will cause the kernel to crash. Therefore, we should check the return value and handle the error. Signed-off-by: Gen Zhang --- diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 82f341e..aa3fd61 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -343,6 +343,8 @@ int ip_ra_control(struct sock *sk, unsigned char on, return -EINVAL; new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; + if (on && !new_ra) + return -ENOMEM; mutex_lock(&net->ipv4.ra_mutex); for (rap = &net->ipv4.ra_chain;