* [PATCH v2] ipv6:ipv6_pinfo dereferenced after NULL check
@ 2016-11-24 10:41 Manjeet Pawar
2016-11-27 20:25 ` David Miller
From: Manjeet Pawar @ 2016-11-24 10:41 UTC (permalink / raw)
To: davem, kuznet, jmorris, yoshfuji, kaber, netdev, linux-kernel
Cc: pankaj.m, ajeet.y, Rohit Thapliyal, Manjeet Pawar, Hannes Frederic Sowa
From: Rohit Thapliyal <r.thapliyal@samsung.com>
np checked for NULL and then dereferenced. It should be modified
for NULL case.
Signed-off-by: Rohit Thapliyal <r.thapliyal@samsung.com>
Signed-off-by: Manjeet Pawar <manjeet.p@samsung.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Reviewed-by: Akhilesh Kumar <akhilesh.k@samsung.com>
---
v1->v2: Modified as per the suggestion of Hannes
np ? np->autoflowlabel : ip6_default_np_autolabel(net)
net/ipv6/ip6_output.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 59eb4ed..d734b5e 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -215,11 +215,14 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6,
*/
if (np)
hlimit = np->hop_limit;
+
if (hlimit < 0)
hlimit = ip6_dst_hoplimit(dst);
- ip6_flow_hdr(hdr, tclass, ip6_make_flowlabel(net, skb, fl6->flowlabel,
- np->autoflowlabel, fl6));
+ ip6_flow_hdr(hdr, tclass,
+ ip6_make_flowlabel(net, skb, fl6->flowlabel,
+ np ? np->autoflowlabel : ip6_default_np_autolabel(net),
+ fl6));
hdr->payload_len = htons(seg_len);
hdr->nexthdr = proto;
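Review bot: The `np ? np->autoflowlabel : ip6_default_np_autolabel(net)` argument to ip6_make_flowlabel() adds a second NULL test on np, but the changelog names no caller of ip6_xmit() that can pass a socket without an ipv6_pinfo. If no such caller exists, the existing `if (np)` in front of `hlimit = np->hop_limit;` is the dead code and removing it is the smaller fix. If one does exist, name it in the commit message so the fallback to ip6_default_np_autolabel(net) can be judged against that path. The blank line added after `hlimit = np->hop_limit;` is an unrelated whitespace change and should be dropped from this patch.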
--
1.9.1
* Re: [PATCH v2] ipv6:ipv6_pinfo dereferenced after NULL check
From: David Miller @ 2016-11-27 20:25 UTC (permalink / raw)
To: manjeet.p
Cc: kuznet, jmorris, yoshfuji, kaber, netdev, linux-kernel, pankaj.m,
ajeet.y, r.thapliyal, hannes
From: Manjeet Pawar <manjeet.p@samsung.com>
Date: Thu, 24 Nov 2016 16:11:57 +0530
> From: Rohit Thapliyal <r.thapliyal@samsung.com>
>
> np checked for NULL and then dereferenced. It should be modified
> for NULL case.
>
> Signed-off-by: Rohit Thapliyal <r.thapliyal@samsung.com>
> Signed-off-by: Manjeet Pawar <manjeet.p@samsung.com>
> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
> Reviewed-by: Akhilesh Kumar <akhilesh.k@samsung.com>

I do not think inet6_sk(sk) can ever be NULL in this function.

All callers fall into two categories:

1) Calls where arguments already dereference np in some way to
   pass arguments to ip6_xmit():

net/dccp/ipv6.c: err = ip6_xmit(sk, skb, &fl6, opt, np->tclass);
net/ipv6/inet6_connection_sock.c: res = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt),
net/ipv6/tcp_ipv6.c: err = ip6_xmit(sk, skb, fl6, opt, np->tclass);
net/sctp/ipv6.c: res = ip6_xmit(sk, skb, fl6, rcu_dereference(np->opt), np->tclass);

2) Calls where the socket is a "control" socket which is initialized
   at protocol registration time and therefore definitely has
   a proper inet6_sk() pointer set up.

net/dccp/ipv6.c: ip6_xmit(ctl_sk, skb, &fl6, NULL, 0);
net/ipv6/tcp_ipv6.c: ip6_xmit(ctl_sk, buff, &fl6, NULL, tclass);

Therefore, I think we should simply remove the NULL test entirely.