From patchwork Tue Jan 12 11:10:43 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Baozeng Ding X-Patchwork-Id: 566490 X-Patchwork-Delegate: davem@davemloft.net
From: Baozeng Ding To: davem@davemloft.net Cc: netdev@vger.kernel.org, Baozeng Ding Subject: [PATCH v3] netlink: fix null pointer dereference on nlk->groups Date: Tue, 12 Jan 2016 19:10:43 +0800 Message-Id: <1452597043-4298-1-git-send-email-sploving1@gmail.com> X-Mailer: git-send-email 1.9.1 In-Reply-To: <1452231970-27357-1-git-send-email-sploving1@gmail.com> References: <1452231970-27357-1-git-send-email-sploving1@gmail.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org If groups is not 0 and nlk->groups is NULL, it will not return immediately and cause a null pointer dereference later. Signed-off-by: Baozeng Ding --- The v3 version adds WARN_ON, suggested by David Miller. Thanks for David's feedback. --- net/netlink/af_netlink.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index 59651af..f93d579 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c @@ -1576,7 +1576,10 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, } } - if (!groups && (nlk->groups == NULL || !(u32)nlk->groups[0])) + if (WARN_ON(!nlk->groups)) + return 0; + + if (!groups && !(u32)nlk->groups[0]) return 0; netlink_table_grab();
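Review bot: the new early return `if (WARN_ON(!nlk->groups)) return 0;` in netlink_bind() reports success even when `groups` is non-zero, so a caller that asked for multicast group membership gets 0 back although nothing was subscribed; returning an error such as -EINVAL on that path would make the failure visible to the caller. If the NULL `nlk->groups` state can be reached from user space, WARN_ON also fires on every such bind, which floods the log and brings down a system running with panic_on_warn, so WARN_ON_ONCE would be the safer form. The commit message should also state how `nlk->groups` can be NULL at this point, so a reader can tell whether this check or a fix at the source of the NULL is the right remedy.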