Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp419061lqp; Thu, 21 Mar 2024 05:35:48 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVBCUzdX9240cWACdRVI7r0VGFU3IpZcu7N3cDPnoXXYbXIeTfE9ZrLL/B4vpKqkgCEDG7ULy1vEi3UsTTKvoIaf/iTgXsjUFOThBsiEQ== X-Google-Smtp-Source: AGHT+IHKnKeswgBvrHmj0RkjG01IZXzH8s5IVCicLBcESRBzXmed6/piMlFJy9esVwnPM/S9jtvj X-Received: by 2002:a17:902:64c9:b0:1de:ec6b:50b1 with SMTP id y9-20020a17090264c900b001deec6b50b1mr4162051pli.54.1711024547889; Thu, 21 Mar 2024 05:35:47 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711024547; cv=pass; d=google.com; s=arc-20160816; b=Ok+giSj2xLbHUqR5HXASawkriA+gnGpne8ByzHDubA5ygmE/LZM6cCCOoYz3vNkoo1 x6MeEB2mdx0+AQG4DvOkeI5KdEYuk19wePG5qBIuw07j+PyDKBtHoBO4+gRn/nSTUIVp kbmrHpqKV1juZTT3NLdtFLvXKux4BA1wOYUVZBxUlV0lgIhOBKjf+YCZa2mEuf36gKfs 9LlH3cBvyW4xV2jNes9isJ6qtPmZ0B185KCcD+dPPwW/yGbHQrzosJ4gwxJgYlHVlUor Iq7752lu8YTm36BZafRhF9dDsLEz66DP/HZWTp8fCnwiofl5w1xaq2Lg8Ig1SrDJJKBm gZmQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from; bh=j1H7eV7g/Gkeyf8F+ihtSQWewD8CcJh14Y9Zrfq1fRM=; fh=ebwGlHuemVI7iZpImYeWNgDgZADQ32vik5aLwqV0zIU=; b=WOG9MfrqyCdEQbQ0KiycFfCK7NOQSULk3M/HuzK5OOY9GyIpD4Vjpsm+AhfB6lBoWi L2micbxd/F9tCn2dvXOcrzadGh6wx8JzF/dIm2ASJOiJWCKDwIjCKI2Pf1Uy36cjvizv jhGXo/D3eCN11k2ZFPXkd2kdl/4+xp568fsPo5i6Zg/R3XUW4WixBPNT528rc3IMtJDu utBYIVZG3rc8sNR3bW7L7Yh/WBisOcX88YdNBsFRdxLJqghB4jNq9WpF42KDeK9Fs2ly b9ulOyRlK8/Soy4MTR+lzEhwXXmrKWTCzC++YYMJhKHpAoyuWlzl7+L3BTpJ4vi7Jm/b sMUA==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; arc=pass (i=1 spf=pass spfdomain=astralinux.ru); spf=pass (google.com: domain of linux-kernel+bounces-110038-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-110038-linux.lists.archive=gmail.com@vger.kernel.org" Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id p15-20020a170902780f00b001dffbdeaafasi10449694pll.100.2024.03.21.05.35.47 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Mar 2024 05:35:47 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-110038-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; arc=pass (i=1 spf=pass spfdomain=astralinux.ru); spf=pass (google.com: domain of linux-kernel+bounces-110038-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-110038-linux.lists.archive=gmail.com@vger.kernel.org" Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 8A5BE284BE5 for ; Thu, 21 Mar 2024 12:35:47 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id DAAA183CB9; Thu, 21 Mar 2024 12:35:38 +0000 (UTC) Received: from new-mail.astralinux.ru (new-mail.astralinux.ru [51.250.53.244]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id DE9521CA98; Thu, 21 Mar 2024 12:35:33 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=51.250.53.244 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711024538; cv=none; b=mDz48pPcd6PMrByqM634gXy+nBqGlb9vJorr1dvkNFIqjI/ldjK0f71tg8pVpDudKjxsAD1c61txGYShnACCJD2EFKbJyYnxSvhHH5Ay+zigxHZ+f/VeDmQFh3Da1Ni9JjevIxe0YsNzy/aiQ/nt0D4OafCIXKV/bs6LZ3+JL6E= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711024538; c=relaxed/simple; bh=4TKY33L5OYoSI/i+t5Rf7IO4C2V8xKSF29Hm5DbaqXU=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=CLurwKlMXQXx1VVv6NVzBkh84CJLeuwEdBCoUnXiQzFzjsh/dOMi3DV+NlJSz9lrGZ4ScA/BPzLl6R4FTjBrxmaVLYLZdcuXtdYaUkM5gp/WVZ61zQKmW4bl0t3xydPAq1ldStePfXgAbEJKhu6pE6brI/cCg0s4NwshmAXZ4DY= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=astralinux.ru; spf=pass smtp.mailfrom=astralinux.ru; arc=none smtp.client-ip=51.250.53.244 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=astralinux.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=astralinux.ru Received: from rbta-msk-lt-106062.astralinux.ru (unknown [176.59.168.90]) by new-mail.astralinux.ru (Postfix) with ESMTPA id 4V0lKt2Rb3zlVps; Thu, 21 Mar 2024 15:35:30 +0300 (MSK) From: Anastasia Belova To: "David S. Miller" Cc: Anastasia Belova , Eric Dumazet , Jakub Kicinski , Jiri Pirko , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, lvc-project@linuxtesting.org Subject: [PATCH v2] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect Date: Thu, 21 Mar 2024 15:34:46 +0300 Message-Id: <20240321123446.7012-1-abelova@astralinux.ru> X-Mailer: git-send-email 2.30.2 In-Reply-To: References: Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-DrWeb-SpamScore: -100 X-DrWeb-SpamState: legit X-DrWeb-SpamDetail: gggruggvucftvghtrhhoucdtuddrgedvfedrvdehuddgtddvucetufdoteggodetrfcurfhrohhfihhlvgemucfftfghgfeunecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpefhvfevufffkffojghfggfgsedtkeertdertddtnecuhfhrohhmpeetnhgrshhtrghsihgruceuvghlohhvrgcuoegrsggvlhhovhgrsegrshhtrhgrlhhinhhugidrrhhuqeenucggtffrrghtthgvrhhnpeevhfduuefhueektdefkedvgfekgfekffegvdetffehfefhffejhfehveevudeigfenucffohhmrghinheplhhinhhugihtvghsthhinhhgrdhorhhgnecukfhppedujeeirdehledrudeikedrledtnecurfgrrhgrmhephhgvlhhopehrsghtrgdqmhhskhdqlhhtqddutdeitdeivddrrghsthhrrghlihhnuhigrdhruhdpihhnvghtpedujeeirdehledrudeikedrledtmeegfedvjeejpdhmrghilhhfrhhomheprggsvghlohhvrgesrghsthhrrghlihhnuhigrdhruhdpnhgspghrtghpthhtohepkedprhgtphhtthhopegurghvvghmsegurghvvghmlhhofhhtrdhnvghtpdhrtghpthhtoheprggsvghlohhvrgesrghsthhrrghlihhnuhigrdhruhdprhgtphhtthhopegvughumhgriigvthesghhoohhglhgvrdgtohhmpdhrtghpthhtohepkhhusggrsehkvghrnhgvlhdrohhrghdprhgtphhtthhopehjihhrihesrhgvshhnuhhllhhirdhushdprhgtph htthhopehnvghtuggvvhesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehlihhnuhigqdhkvghrnhgvlhesvhhgvghrrdhkvghrnhgvlhdrohhrghdprhgtphhtthhopehlvhgtqdhprhhojhgvtghtsehlihhnuhigthgvshhtihhnghdrohhrgh X-DrWeb-SpamVersion: Vade Retro 01.423.251#02 AS+AV+AP Profile: DRWEB; Bailout: 300 X-AntiVirus: Checked by Dr.Web [MailD: 11.1.19.2307031128, SE: 11.1.12.2210241838, Core engine: 7.00.62.01180, Virus records: 12528158, Updated: 2024-Mar-21 10:27:40 UTC] skb is an optional parameter, so it may be NULL. Add check defore dereference in eth_hdr. Found by Linux Verification Center (linuxtesting.org) with SVACE. Fixes: 690e36e726d0 ("net: Allow raw buffers to be passed into the flow dissector.") Signed-off-by: Anastasia Belova --- net/core/flow_dissector.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 272f09251343..68a8228ffae3 100644 --- a/net/core/flow_dissector.c +++ b/net/core/flow_dissector.c @@ -1139,6 +1139,8 @@ bool __skb_flow_dissect(const struct net *net, if (dissector_uses_key(flow_dissector, FLOW_DISSECTOR_KEY_ETH_ADDRS)) { + if (!skb) + goto out_bad; struct ethhdr *eth = eth_hdr(skb); struct flow_dissector_key_eth_addrs *key_eth_addrs; -- 2.30.2