Message ID | 1452231970-27357-1-git-send-email-sploving1@gmail.com |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Hello. On 01/08/2016 08:46 AM, Baozeng Ding wrote: > If groups is not 0 and nlk->groups is NULL, it will not return > immediately and cause a null pointer dereference later. > > Signed-off-by: Baozeng Ding <sploving1@gmail.com> > --- > net/netlink/af_netlink.c | 10 +++++++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c > index 59651af..38efde0 100644 > --- a/net/netlink/af_netlink.c > +++ b/net/netlink/af_netlink.c [...] > @@ -1576,14 +1577,17 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, > } > } > > - if (!groups && (nlk->groups == NULL || !(u32)nlk->groups[0])) > + if (nlk->groups == NULL) '!nlk->groups' is preferred in the networking code. [...] MBR, Sergei
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 59651af..38efde0 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1524,6 +1524,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, int err; long unsigned int groups = nladdr->nl_groups; bool bound; + unsigned long nlgroups; if (addr_len < sizeof(struct sockaddr_nl)) return -EINVAL; @@ -1576,14 +1577,17 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, } } - if (!groups && (nlk->groups == NULL || !(u32)nlk->groups[0])) + if (nlk->groups == NULL) + return 0; + nlgroups = nlk->groups[0]; + if (!groups && !(u32)nlgroups) return 0; netlink_table_grab(); netlink_update_subscriptions(sk, nlk->subscriptions + hweight32(groups) - - hweight32(nlk->groups[0])); - nlk->groups[0] = (nlk->groups[0] & ~0xffffffffUL) | groups; + hweight32(nlgroups)); + nlk->groups[0] = (nlgroups & ~0xffffffffUL) | groups; netlink_update_listeners(sk); netlink_table_ungrab();
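Review bot: in the second hunk, the new `if (nlk->groups == NULL) return 0;` reports success even when `groups` is non-zero, so a bind that asked for multicast groups returns 0 without reaching `netlink_update_subscriptions()` or `netlink_update_listeners()`. If that state is reachable, an error return looks more appropriate than a silent success. If it is not, the commit message should say which path leaves `nlk->groups` NULL with `groups` set, since the visible context does not show one. Separately, `nlgroups = nlk->groups[0]` is now read before `netlink_table_grab()`, while the old code read `nlk->groups[0]` after it. The snapshot is then used for both `hweight32(nlgroups)` and the write back to `nlk->groups[0]`, so please either move the assignment below the grab or drop the local and keep the direct reads.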
If groups is not 0 and nlk->groups is NULL, it will not return immediately and cause a null pointer dereference later. Signed-off-by: Baozeng Ding <sploving1@gmail.com> --- net/netlink/af_netlink.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-)