From mboxrd@z Thu Jan  1 00:00:00 1970
From: Hangbin Liu <liuhangbin@gmail.com>
Subject: Re: [PATCH iproute2] iplink_vrf: Save device index from response for
 return code
Date: Mon, 4 Jun 2018 09:11:13 +0800
Message-ID: <20180604011113.GR8958@leo.usersys.redhat.com>
References: <20180601155016.3524-1-dsahern@kernel.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Cc: stephen@networkplumber.org, netdev@vger.kernel.org,
        David Ahern <dsahern@gmail.com>, Phil Sutter <phil@nwl.cc>
To: dsahern@kernel.org
Return-path: <netdev-owner@vger.kernel.org>
Received: from mail-pl0-f65.google.com ([209.85.160.65]:42259 "EHLO
        mail-pl0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751393AbeFDBLZ (ORCPT
        <rfc822;netdev@vger.kernel.org>); Sun, 3 Jun 2018 21:11:25 -0400
Received: by mail-pl0-f65.google.com with SMTP id w17-v6so2774967pll.9
        for <netdev@vger.kernel.org>; Sun, 03 Jun 2018 18:11:25 -0700 (PDT)
Content-Disposition: inline
In-Reply-To: <20180601155016.3524-1-dsahern@kernel.org>
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

On Fri, Jun 01, 2018 at 08:50:16AM -0700, dsahern@kernel.org wrote:
> From: David Ahern <dsahern@gmail.com>
> 
> A recent commit changed rtnl_talk_* to return the response message in
> allocated memory so callers need to free it. The change to name_is_vrf
> did not save the device index which is pointing to a struct inside the
> now allocated and freed memory resulting in garbage getting returned
> in some cases.
> 
> Fix by using a stack variable to save the return value and only set
> it to ifi->ifi_index after all checks are done and before the answer
> buffer is freed.
> 
> Fixes: 86bf43c7c2fdc ("lib/libnetlink: update rtnl_talk to support malloc buff at run time")
> Cc: Hangbin Liu <liuhangbin@gmail.com>
> Cc: Phil Sutter <phil@nwl.cc>
> Signed-off-by: David Ahern <dsahern@gmail.com>
> ---
>  ip/iplink_vrf.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/ip/iplink_vrf.c b/ip/iplink_vrf.c
> index e9dd0df98412..6004bb4f305e 100644
> --- a/ip/iplink_vrf.c
> +++ b/ip/iplink_vrf.c
> @@ -191,6 +191,7 @@ int name_is_vrf(const char *name)
>  	struct rtattr *tb[IFLA_MAX+1];
>  	struct rtattr *li[IFLA_INFO_MAX+1];
>  	struct ifinfomsg *ifi;
> +	int ifindex = 0;
>  	int len;
>  
>  	addattr_l(&req.n, sizeof(req), IFLA_IFNAME, name, strlen(name) + 1);
> @@ -218,7 +219,8 @@ int name_is_vrf(const char *name)
>  	if (strcmp(RTA_DATA(li[IFLA_INFO_KIND]), "vrf"))
>  		goto out;
>  
> +	ifindex = ifi->ifi_index;
>  out:
>  	free(answer);
> -	return ifi->ifi_index;
> +	return ifindex;
>  }
> -- 
> 2.11.0
> 

Thanks for the fix.

Acked-by: Hangbin Liu <liuhangbin@gmail.com>