[PATCH] net: core: Fix possible null-pointer dereference in failover_slave_register()
From: Tuo Li
Date: Tue Aug 10 2021 - 05:18:31 EST
The variable fops is checked in:
if (fops && fops->slave_pre_register &&
fops->slave_pre_register(slave_dev, failover_dev))
This indicates that it can be NULL.
However, it is dereferenced when calling netdev_rx_handler_register():
err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
failover_dev);
To fix this possible null-pointer dereference, check fops first, and if
it is NULL, assign -EINVAL to err.
Reported-by: TOTE Robot <oslab@xxxxxxxxxxxxxxx>
Signed-off-by: Tuo Li <islituo@xxxxxxxxx>
---
net/core/failover.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/net/core/failover.c b/net/core/failover.c
index b5cd3c727285..113a4dacdf48 100644
--- a/net/core/failover.c
+++ b/net/core/failover.c
@@ -63,8 +63,11 @@ static int failover_slave_register(struct net_device *slave_dev)
fops->slave_pre_register(slave_dev, failover_dev))
goto done;
- err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
+ if (fops)
+ err = netdev_rx_handler_register(slave_dev, fops->slave_handle_frame,
failover_dev);
+ else
+ err = -EINVAL;
if (err) {
netdev_err(slave_dev, "can not register failover rx handler (err = %d)\n",
err);
--
2.25.1