Message ID | 520e39809f7ca7d8b38282e3a6bf0bbf93219541.1507915312.git.g.nault@alphalink.fr |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Series | [net] l2tp: check ps->sock before running pppol2tp_session_ioctl() | expand |
From: Guillaume Nault <g.nault@alphalink.fr> Date: Fri, 13 Oct 2017 19:22:35 +0200 > When pppol2tp_session_ioctl() is called by pppol2tp_tunnel_ioctl(), > the session may be unconnected. That is, it was created by > pppol2tp_session_create() and hasn't been connected with > pppol2tp_connect(). In this case, ps->sock is NULL, so we need to check > for this case in order to avoid dereferencing a NULL pointer. > > Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP") > Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Applied and queued up for -stable, thanks.
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index bc6e8bfc5be4..f50452b919d5 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -988,6 +988,9 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, session->name, cmd, arg); sk = ps->sock; + if (!sk) + return -EBADR; + sock_hold(sk); switch (cmd) {
When pppol2tp_session_ioctl() is called by pppol2tp_tunnel_ioctl(), the session may be unconnected. That is, it was created by pppol2tp_session_create() and hasn't been connected with pppol2tp_connect(). In this case, ps->sock is NULL, so we need to check for this case in order to avoid dereferencing a NULL pointer. Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> --- net/l2tp/l2tp_ppp.c | 3 +++ 1 file changed, 3 insertions(+)