| Message ID | 18718a11bb9bc427da129949c5b3527902f9f9ff.1493732887.git.pabeni@redhat.com (mailing list archive) |
|---|---|
| State | Accepted |
| Headers | show |
On Tue, 2017-05-02 at 16:03 +0200, Paolo Abeni wrote: > With commit eea40b8f624f ("infiniband: call ipv6 route lookup > via the stub interface"), if the route lookup fails due to > ipv6 being disabled, the dst variable is left untouched, and > the following dst_release() may access uninitialized memory. > > Since ipv6_dst_lookup() always sets dst to NULL in case of > lookup failure with ipv6 enabled, fix the above just > returning the error code if the lookup fails. > > Fixes: eea40b8f624 ("infiniband: call ipv6 route lookup via the stub > interface") > Reported-by: Sabrina Dubroca <sd@queasysnail.net> > Signed-off-by: Paolo Abeni <pabeni@redhat.com> > Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> > --- > drivers/infiniband/core/addr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/drivers/infiniband/core/addr.c > b/drivers/infiniband/core/addr.c > index 8fd108d..6c8411a 100644 > --- a/drivers/infiniband/core/addr.c > +++ b/drivers/infiniband/core/addr.c > @@ -446,7 +446,7 @@ static int addr6_resolve(struct sockaddr_in6 > *src_in, > > ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, > &fl6); > if (ret < 0) > - goto put; > + return ret; > > rt = (struct rt6_info *)dst; > if (ipv6_addr_any(&fl6.saddr)) { Thanks, applied.
diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c index 8fd108d..6c8411a 100644 --- a/drivers/infiniband/core/addr.c +++ b/drivers/infiniband/core/addr.c @@ -446,7 +446,7 @@ static int addr6_resolve(struct sockaddr_in6 *src_in, ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6); if (ret < 0) - goto put; + return ret; rt = (struct rt6_info *)dst; if (ipv6_addr_any(&fl6.saddr)) {
With commit eea40b8f624f ("infiniband: call ipv6 route lookup via the stub interface"), if the route lookup fails due to ipv6 being disabled, the dst variable is left untouched, and the following dst_release() may access uninitialized memory. Since ipv6_dst_lookup() always sets dst to NULL in case of lookup failure with ipv6 enabled, fix the above just returning the error code if the lookup fails. Fixes: eea40b8f624 ("infiniband: call ipv6 route lookup via the stub interface") Reported-by: Sabrina Dubroca <sd@queasysnail.net> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Reviewed-by: Sabrina Dubroca <sd@queasysnail.net> --- drivers/infiniband/core/addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)