From patchwork Tue May 2 14:03:58 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Paolo Abeni X-Patchwork-Id: 9708133 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id B642760349 for ; Tue, 2 May 2017 14:04:13 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id A79ED28449 for ; Tue, 2 May 2017 14:04:13 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 9C4632845E; Tue, 2 May 2017 14:04:13 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0776B28449 for ; Tue, 2 May 2017 14:04:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750884AbdEBOEM (ORCPT ); Tue, 2 May 2017 10:04:12 -0400 Received: from mx1.redhat.com ([209.132.183.28]:50994 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751239AbdEBOEL (ORCPT ); Tue, 2 May 2017 10:04:11 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 3E3C92FB916; Tue, 2 May 2017 14:04:11 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mx1.redhat.com 3E3C92FB916 Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; dmarc=none (p=none dis=none) header.from=redhat.com Authentication-Results: ext-mx09.extmail.prod.ext.phx2.redhat.com; spf=pass smtp.mailfrom=pabeni@redhat.com DKIM-Filter: OpenDKIM Filter v2.11.0 mx1.redhat.com 3E3C92FB916 Received: from dhcp-176-80.mxp.redhat.com (dhcp-176-80.mxp.redhat.com [10.32.176.80]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8875E183C2; Tue, 2 May 2017 14:04:07 +0000 (UTC) From: Paolo Abeni To: linux-rdma@vger.kernel.org Cc: Doug Ledford , Sabrina Dubroca Subject: [PATCH net] infiniband: avoid dereferencing uninitialized dst on error path Date: Tue, 2 May 2017 16:03:58 +0200 Message-Id: <18718a11bb9bc427da129949c5b3527902f9f9ff.1493732887.git.pabeni@redhat.com> X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]); Tue, 02 May 2017 14:04:11 +0000 (UTC) Sender: linux-rdma-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-rdma@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP With commit eea40b8f624f ("infiniband: call ipv6 route lookup via the stub interface"), if the route lookup fails due to ipv6 being disabled, the dst variable is left untouched, and the following dst_release() may access uninitialized memory. Since ipv6_dst_lookup() always sets dst to NULL in case of lookup failure with ipv6 enabled, fix the above just returning the error code if the lookup fails. Fixes: eea40b8f624 ("infiniband: call ipv6 route lookup via the stub interface") Reported-by: Sabrina Dubroca Signed-off-by: Paolo Abeni Reviewed-by: Sabrina Dubroca --- drivers/infiniband/core/addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c index 8fd108d..6c8411a 100644 --- a/drivers/infiniband/core/addr.c +++ b/drivers/infiniband/core/addr.c @@ -446,7 +446,7 @@ static int addr6_resolve(struct sockaddr_in6 *src_in, ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6); if (ret < 0) - goto put; + return ret; rt = (struct rt6_info *)dst; if (ipv6_addr_any(&fl6.saddr)) {