Date: Fri, 9 Apr 2021 03:01:29 +0500
From: Muhammad Usama Anjum
To: "David S. Miller", Hideaki YOSHIFUJI, David Ahern, Jakub Kicinski, "open list:NETWORKING [IPv4/IPv6]", open list
Cc: musamaanjum@gmail.com, kernel-janitors@vger.kernel.org, colin.king@canonical.com, dan.carpenter@oracle.com, stable@vger.kernel.org
Subject: [PATCH] net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh
Message-ID: <20210408220129.GA3111136@LEGION>
X-Mailing-List: linux-kernel@vger.kernel.org

nlh is being checked for validity two times when it is dereferenced in
this function. Check for validity again when updating the flags through
nlh pointer to make the dereferencing safe.

CC:
Addresses-Coverity: ("NULL pointer dereference")
Signed-off-by: Muhammad Usama Anjum
---
 net/ipv6/route.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 28801ae80548..a22822bdbf39 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c
@@ -5206,9 +5206,11 @@ static int ip6_route_multipath_add(struct fib6_config *cfg, * nexthops have been replaced by first new, the rest should * be added to it. */ - cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | - NLM_F_REPLACE); - cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + if (cfg->fc_nlinfo.nlh) { + cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | + NLM_F_REPLACE); + cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + } nhn++; } -- 2.25.1
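
Review bot: The new `if (cfg->fc_nlinfo.nlh)` guard in ip6_route_multipath_add() silently skips both the `&= ~(NLM_F_EXCL | NLM_F_REPLACE)` clearing and the `|= NLM_F_CREATE` update when nlh is NULL, and neither the commit message nor a comment says which caller reaches this loop without a netlink header or why skipping the flag change is the correct behaviour for the remaining nexthops in that case. Please name that path in the commit message (the existing comment above the guard only explains the non-NULL case), so the check reads as a deliberate decision and not only as a way to quiet the Coverity report. Since stable@vger.kernel.org is copied, a Fixes: tag identifying the commit that introduced the unguarded dereference would also help backporting; the trailer block currently carries only CC, Addresses-Coverity and Signed-off-by.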