[PATCH] ipv6_sockglue.c: Fix a missing-check bug in net/ipv6/ipv6_sockglue.c

From: Gen Zhang
Date: Tue May 21 2019 - 04:48:51 EST

Next message: Miquel Raynal: "Re: [PATCH v2] mtd: rawnand: Add Macronix NAND read retry support"
Previous message: james qian wang (Arm Technology China): "Re: [PATCH] drm/komeda: Added AFBC support for komeda driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In function ip6_ra_control(), the pointer new_ra is allocated a memory
space via kmalloc(). And it is used in the following codes. However,
when there is a memory allocation error, kmalloc() fails. Thus null
pointer dereference may happen. And it will cause the kernel to crash.
Therefore, we should check the return value and handle the error.

Signed-off-by: Gen Zhang <blackgod016574@xxxxxxxxx>

---
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 40f21fe..0a3d035 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel)
return -ENOPROTOOPT;

new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
+ if (sel >= 0 && !new_ra)
+ return -ENOMEM;

write_lock_bh(&ip6_ra_lock);
for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {

Next message: Miquel Raynal: "Re: [PATCH v2] mtd: rawnand: Add Macronix NAND read retry support"
Previous message: james qian wang (Arm Technology China): "Re: [PATCH] drm/komeda: Added AFBC support for komeda driver"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]