nlh is being checked for validtity two times when it is dereferenced in this function. Check for validity again when updating the flags through nlh pointer to make the dereferencing safe.
CC: stable@vger.kernel.org Addresses-Coverity: ("NULL pointer dereference") Signed-off-by: Muhammad Usama Anjum musamaanjum@gmail.com --- net/ipv6/route.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 28801ae80548..a22822bdbf39 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -5206,9 +5206,11 @@ static int ip6_route_multipath_add(struct fib6_config *cfg, * nexthops have been replaced by first new, the rest should * be added to it. */ - cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | - NLM_F_REPLACE); - cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + if (cfg->fc_nlinfo.nlh) { + cfg->fc_nlinfo.nlh->nlmsg_flags &= ~(NLM_F_EXCL | + NLM_F_REPLACE); + cfg->fc_nlinfo.nlh->nlmsg_flags |= NLM_F_CREATE; + } nhn++; }
Hello:
This patch was applied to netdev/net.git (refs/heads/master):
On Fri, 9 Apr 2021 03:01:29 +0500 you wrote:
nlh is being checked for validtity two times when it is dereferenced in this function. Check for validity again when updating the flags through nlh pointer to make the dereferencing safe.
CC: stable@vger.kernel.org Addresses-Coverity: ("NULL pointer dereference") Signed-off-by: Muhammad Usama Anjum musamaanjum@gmail.com
[...]
Here is the summary with links: - net: ipv6: check for validity before dereferencing cfg->fc_nlinfo.nlh https://git.kernel.org/netdev/net/c/864db232dc70
You are awesome, thank you! -- Deet-doot-dot, I am a bot. https://korg.docs.kernel.org/patchwork/pwbot.html
linux-stable-mirror@lists.linaro.org
-
Muhammad Usama Anjum -
patchwork-bot+netdevbpf@kernel.org