[PATCH 4.3 016/125] tun_dst: Fix potential NULL dereference
From: Greg Kroah-Hartman
Date: Mon Dec 07 2015 - 10:38:46 EST
4.3-stable review patch. If anyone has any objections, please let me know.
------------------
From: Tobias Klauser <tklauser@xxxxxxxxxx>
[ Upstream commit f63ce5b6fa5e9a0faf7a0e1ef2993a502878c78a ]
In tun_dst_unclone() the return value of skb_metadata_dst() is checked
for being NULL after it is dereferenced. Fix this by moving the
dereference after the NULL check.
Found by the Coverity scanner (CID 1338068).
Fixes: fc4099f17240 ("openvswitch: Fix egress tunnel info.")
Cc: Pravin B Shelar <pshelar@xxxxxxxxxx>
Signed-off-by: Tobias Klauser <tklauser@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
include/net/dst_metadata.h | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/include/net/dst_metadata.h
+++ b/include/net/dst_metadata.h
@@ -63,12 +63,13 @@ static inline struct metadata_dst *tun_r
static inline struct metadata_dst *tun_dst_unclone(struct sk_buff *skb)
{
struct metadata_dst *md_dst = skb_metadata_dst(skb);
- int md_size = md_dst->u.tun_info.options_len;
+ int md_size;
struct metadata_dst *new_md;
if (!md_dst)
return ERR_PTR(-EINVAL);
+ md_size = md_dst->u.tun_info.options_len;
new_md = metadata_dst_alloc(md_size, GFP_ATOMIC);
if (!new_md)
return ERR_PTR(-ENOMEM);
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/