Date: Fri, 24 May 2019 11:19:46 +0800
From: Gen Zhang
To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH] ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()
Message-ID: <20190524031946.GA6463@zhanggen-UX430UQ>
X-Mailing-List: linux-kernel@vger.kernel.org

In function ip6_ra_control(), the pointer new_ra is allocated a memory
space via kmalloc(). And it is used in the following code. However,
when there is a memory allocation error, kmalloc() fails. Thus a null
pointer dereference may happen. And it will cause the kernel to crash.
Therefore, we should check the return value and handle the error.

Signed-off-by: Gen Zhang
---
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 40f21fe..0a3d035 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c 
@@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel) return -ENOPROTOOPT; new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; + if (sel >= 0 && !new_ra) + return -ENOMEM; write_lock_bh(&ip6_ra_lock); for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
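
Review bot: the changelog says new_ra is dereferenced after a failed kmalloc(), but nothing in this hunk shows that use: the visible context stops at the head of the `for (rap = &ip6_ra_chain; ...)` walk, so please name the line that dereferences new_ra without a NULL test, or confirm that no later check in the function already covers the NULL case. The added `return -ENOMEM` sits before `write_lock_bh(&ip6_ra_lock)`, which keeps the lock balanced, but it also means that on allocation failure the caller gets -ENOMEM without the chain being consulted at all; the changelog should say that this is intended. The test `sel >= 0 && !new_ra` repeats the condition of the ternary on the line above; splitting the assignment into an `if (sel >= 0)` block that allocates and then checks `!new_ra` would keep the two conditions from drifting apart.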