[PATCH 1/1] lwtunnel: check return value of nla_nest_start

[PATCH 1/1] lwtunnel: check return value of nla_nest_start

[Pan Bian]

Function nla_nest_start() may return a NULL pointer on error. However,
in function lwtunnel_fill_encap(), the return value of nla_nest_start()
is not validated before it is used. This patch checks the return value
of nla_nest_start() against NULL.

Signed-off-by: Pan Bian <bianpan2016@163.com>
---
 net/core/lwtunnel.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c
index 6df9f8f..3471ce7 100644
--- a/net/core/lwtunnel.c
+++ b/net/core/lwtunnel.c
@@ -216,6 +216,8 @@ int lwtunnel_fill_encap(struct sk_buff *skb, struct lwtunnel_state *lwtstate)
 
 	ret = -EOPNOTSUPP;
 	nest = nla_nest_start(skb, RTA_ENCAP);
+	if (!nest)
+		goto nla_put_failure;
 	rcu_read_lock();
 	ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
 	if (likely(ops && ops->fill_encap))
-- 
1.9.1

Re: [PATCH 1/1] lwtunnel: check return value of nla_nest_start

[David Miller]

From: Pan Bian <bianpan2016@163.com>
Date: Sun, 23 Apr 2017 14:28:37 +0800

> Function nla_nest_start() may return a NULL pointer on error. However,
> in function lwtunnel_fill_encap(), the return value of nla_nest_start()
> is not validated before it is used. This patch checks the return value
> of nla_nest_start() against NULL.
> 
> Signed-off-by: Pan Bian <bianpan2016@163.com>

Applied.