Received: by 2002:a05:6a10:2726:0:0:0:0 with SMTP id ib38csp323423pxb;
        Thu, 7 Apr 2022 06:42:24 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzavDwNwOE1SYFmONXxaswGb3K4rq/hcbSkWQpNSeHU4q2ayVxGROpfkCb2YYqG9antWDEU
X-Received: by 2002:a17:90b:1d08:b0:1c7:3b51:8b41 with SMTP id on8-20020a17090b1d0800b001c73b518b41mr15815769pjb.210.1649338944681;
        Thu, 07 Apr 2022 06:42:24 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1649338944; cv=none;
        d=google.com; s=arc-20160816;
        b=hJlL5U4MKSzbH4ooQ3eBiLOhKakyU1kecrGPwSha/5iYe+BGzvnLE9E/ouLf6LqeCo
         PTR7CsZ+C4yr1Mc62LSDyw/vDzpKIlmXW1foY3G45Vkr57Mspy0JIctx3n+w6zxNZTnM
         VgsEORTJ2KuZ7IKuPnDbymDmKxuXh/EFSNwopQWED8eiFEcw7qtu6hKYLHLYCX5ZGZgd
         JyFGZW2pTRiWMItwri7H8S8TCJkkTS3SQArrh/q3ApTNzNOSiyT6zMG2CEN7VG44/8g5
         IkojiW+O7/b38aOG1+ZY4edP4ZXhWmTUEgIaquCbBKY4G9fmAIJel9GaEjMZ41hgbAC3
         5tKA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:mime-version:message-id:date:subject:cc:to:from;
        bh=Yt/ehLcIr2vWPT60qw93aU7s9ZU5OUnRVJTXczhFMDM=;
        b=SdVcC49rA7SjUH38p8XtV5detuHOe7HgCxW/K/BHRJ6dXiINjKeUmlauRHVlqulXUk
         /SsxwPbM5pctqDT6ZGEbSiC4ANNBmXbQBEjQAHKQSBIeI/QO06iwG+3Hot+PLVjUlT4Z
         yvGlmZ21l+sO1hB0Y+EvFur2QxnQ6uycwmqbhAV7B6HCNK7vx/nLPiDayX9doL4zn2cF
         wH/1AK/7IhThoje3v2jCLTJ3ngPZdATGCfmRlJdF9rrdih+vb5zWfnyrALBs0GpP1EQY
         Yj+hJfj4JUrNicIM8la9WmN4LirzsQCAbI2glwbO3J/AdEX5dG49CA+7SW+shgc4z7pE
         oI5Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id ob15-20020a17090b390f00b001bf6d2ed1a3si2081791pjb.31.2022.04.07.06.42.08;
        Thu, 07 Apr 2022 06:42:24 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S239291AbiDGCkX (ORCPT <rfc822;arunks.linux@gmail.com>
        + 99 others); Wed, 6 Apr 2022 22:40:23 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46756 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S233222AbiDGCkV (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 6 Apr 2022 22:40:21 -0400
Received: from mail.meizu.com (edge05.meizu.com [157.122.146.251])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5218ADE903;
        Wed,  6 Apr 2022 19:38:21 -0700 (PDT)
Received: from IT-EXMB-1-125.meizu.com (172.16.1.125) by mz-mail12.meizu.com
 (172.16.1.108) with Microsoft SMTP Server (TLS) id 14.3.487.0; Thu, 7 Apr
 2022 10:38:20 +0800
Received: from meizu.meizu.com (172.16.137.70) by IT-EXMB-1-125.meizu.com
 (172.16.1.125) with Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2308.14; Thu, 7 Apr
 2022 10:38:19 +0800
From:   Haowen Bai <baihaowen@meizu.com>
To:     Alexei Starovoitov <ast@kernel.org>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Andrii Nakryiko <andrii@kernel.org>,
        Martin KaFai Lau <kafai@fb.com>,
        Song Liu <songliubraving@fb.com>, Yonghong Song <yhs@fb.com>,
        John Fastabend <john.fastabend@gmail.com>,
        KP Singh <kpsingh@kernel.org>
CC:     Haowen Bai <baihaowen@meizu.com>, <netdev@vger.kernel.org>,
        <bpf@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [PATCH] libbpf: potential NULL dereference in usdt_manager_attach_usdt()
Date:   Thu, 7 Apr 2022 10:38:17 +0800
Message-ID: <1649299098-2069-1-git-send-email-baihaowen@meizu.com>
X-Mailer: git-send-email 2.7.4
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [172.16.137.70]
X-ClientProxiedBy: IT-EXMB-1-126.meizu.com (172.16.1.126) To
 IT-EXMB-1-125.meizu.com (172.16.1.125)
X-Spam-Status: No, score=-0.9 required=5.0 tests=BAYES_00,KHOP_HELO_FCRDNS,
        SPF_HELO_NONE,SPF_SOFTFAIL,T_SCC_BODY_TEXT_LINE autolearn=no
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

link could be null but still dereference bpf_link__destroy(&link->link)
and it will lead to a null pointer access.

Signed-off-by: Haowen Bai <baihaowen@meizu.com>
---
 tools/lib/bpf/usdt.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/tools/lib/bpf/usdt.c b/tools/lib/bpf/usdt.c
index 1bce2eab5e89..b02ebc4ba57c 100644
--- a/tools/lib/bpf/usdt.c
+++ b/tools/lib/bpf/usdt.c
@@ -996,7 +996,7 @@ struct bpf_link *usdt_manager_attach_usdt(struct usdt_manager *man, const struct
 	link = calloc(1, sizeof(*link));
 	if (!link) {
 		err = -ENOMEM;
-		goto err_out;
+		goto link_err;
 	}
 
 	link->usdt_man = man;
@@ -1072,7 +1072,7 @@ struct bpf_link *usdt_manager_attach_usdt(struct usdt_manager *man, const struct
 
 err_out:
 	bpf_link__destroy(&link->link);
-
+link_err:
 	free(targets);
 	hashmap__free(specs_hash);
 	if (elf)
-- 
2.7.4