[ethtool,1/2] netlink: fix use after free in netlink_run_handler()

Commit Message

Michal Kubecek Nov. 9, 2020, 12:30 p.m. UTC

Valgrind detected use after free in netlink_run_handler(): some members of
struct nl_context are accessed after the netlink context is freed by
netlink_done(). Use local variables to store the two flags and check them
instead.

Fixes: 6c19c0d559c8 ("netlink: use genetlink ops information to decide about fallback")
Signed-off-by: Michal Kubecek <mkubecek@suse.cz>
---
 netlink/netlink.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

Patch

diff --git a/netlink/netlink.c b/netlink/netlink.c
index f655f6ea25b7..aaaabdd3048e 100644
--- a/netlink/netlink.c
+++ b/netlink/netlink.c
@@ -457,6 +457,7 @@  void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,
 			 bool no_fallback)
 {
 	bool wildcard = ctx->devname && !strcmp(ctx->devname, WILDCARD_DEVNAME);
+	bool wildcard_unsupported, ioctl_fallback;
 	struct nl_context *nlctx;
 	const char *reason;
 	int ret;
@@ -478,14 +479,17 @@  void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,
 	nlctx = ctx->nlctx;
 
 	ret = nlfunc(ctx);
+	wildcard_unsupported = nlctx->wildcard_unsupported;
+	ioctl_fallback = nlctx->ioctl_fallback;
 	netlink_done(ctx);
-	if (no_fallback || ret != -EOPNOTSUPP || !nlctx->ioctl_fallback) {
-		if (nlctx->wildcard_unsupported)
+
+	if (no_fallback || ret != -EOPNOTSUPP || !ioctl_fallback) {
+		if (wildcard_unsupported)
 			fprintf(stderr, "%s\n",
 				"subcommand does not support wildcard dump");
 		exit(ret >= 0 ? ret : 1);
 	}
-	if (nlctx->wildcard_unsupported)
+	if (wildcard_unsupported)
 		reason = "subcommand does not support wildcard dump";
 	else
 		reason = "kernel netlink support for subcommand missing";