Message ID | 20190726022505.24938-1-baijiaju1990@gmail.com |
---|---|
State | Rejected |
Delegated to: | David Miller |
Series | [1/2] net: ipv4: Fix a possible null-pointer dereference in inet_csk_rebuild_route() |
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c index b43a7ba5c6a4..daedce293aab 100644 --- a/net/ipv4/fib_rules.c +++ b/net/ipv4/fib_rules.c @@ -163,7 +163,7 @@ static bool fib4_rule_suppress(struct fib_rule *rule, struct fib_lookup_arg *arg return false; suppress_route: - if (!(arg->flags & FIB_LOOKUP_NOREF)) + if (!(arg->flags & FIB_LOOKUP_NOREF) && result->fi) fib_info_put(result->fi); return true; }
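Review bot: the added `&& result->fi` test at the suppress_route label is not backed by any demonstrated path that reaches the label with result->fi NULL. The commit message pairs the `if (result->fi)` test on line 145 with the fib_info_put(result->fi) call on line 167, but does not say which goto gets from one to the other with a NULL fi. Please spell out that path (which condition jumps to suppress_route, and why fi can be NULL there) in the commit message. A guard added only because a static checker matched "checked earlier, used later" can mask the real invariant. If the path is real, it is also worth stating whether the function should still return true in that case, since the hunk leaves `return true;` unchanged.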
In fib4_rule_suppress(), there is an if statement on line 145 to check whether result->fi is NULL:

    if (result->fi)

When result->fi is NULL, it is used on line 167:

    fib_info_put(result->fi);

In fib_info_put(), the argument fi is used:

    if (refcount_dec_and_test(&fi->fib_clntref))

Thus, a possible null-pointer dereference may occur.

To fix this bug, result->fi is checked before calling fib_info_put().

This bug is found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com>

---

    net/ipv4/fib_rules.c | 2 +-
    1 file changed, 1 insertion(+), 1 deletion(-)