* [PATCH] net/neighbour: fix potential null pointer deference
From: Young Xiao @ 2019-05-31 8:29 UTC
To: davem, dsahern, roopa, christian, khlebnikov, netdev; +Cc: Young Xiao
There is a possible null pointer dereference bug in neigh_fill_info(),
which is similar to the bug which was fixed in commit 6adc5fd6a142
("net/neighbour: fix crash at dumping device-agnostic proxy entries").
Signed-off-by: Young Xiao <92siuyang@gmail.com>
---
net/core/neighbour.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index dfa8710..33c3ff1 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2440,7 +2440,7 @@ static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
ndm->ndm_pad2 = 0;
ndm->ndm_flags = neigh->flags;
ndm->ndm_type = neigh->type;
- ndm->ndm_ifindex = neigh->dev->ifindex;
+ ndm->ndm_ifindex = neigh->dev ? neigh->dev->ifindex : 0;
if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
goto nla_put_failure;
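Review bot: the NULL check added on neigh->dev at the ndm_ifindex assignment has no stated trigger. The commit message only points to 6adc5fd6a142, whose subject is about device-agnostic proxy entries, while this hunk is in neigh_fill_info(), which takes a struct neighbour. Please name the code path that can pass this function a neighbour with dev == NULL and add a Fixes: tag for the commit that introduced it. If no such path exists, the ternary reports ndm_ifindex 0 to userspace without any indication that an invariant was broken, so it would be better dropped, or replaced with a check that makes the condition visible instead of masking it.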
--
2.7.4
* Re: [PATCH] net/neighbour: fix potential null pointer deference
From: Konstantin Khlebnikov @ 2019-05-31 8:41 UTC
To: Young Xiao, davem, dsahern, roopa, christian, netdev
On 31.05.2019 11:29, Young Xiao wrote:
> There is a possible null pointer dereference bug in neigh_fill_info(),
> which is similar to the bug which was fixed in commit 6adc5fd6a142
> ("net/neighbour: fix crash at dumping device-agnostic proxy entries").
Have you seen this in real life?
I see nobody who could produce a neighbour with a null device pointer.
>
> Signed-off-by: Young Xiao <92siuyang@gmail.com>
> ---
> net/core/neighbour.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index dfa8710..33c3ff1 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -2440,7 +2440,7 @@ static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
> ndm->ndm_pad2 = 0;
> ndm->ndm_flags = neigh->flags;
> ndm->ndm_type = neigh->type;
> - ndm->ndm_ifindex = neigh->dev->ifindex;
> + ndm->ndm_ifindex = neigh->dev ? neigh->dev->ifindex : 0;
>
> if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
> goto nla_put_failure;
>
* Re: [PATCH] net/neighbour: fix potential null pointer deference
From: Paolo Abeni @ 2019-05-31 8:42 UTC
To: Young Xiao, davem, dsahern, roopa, christian, khlebnikov, netdev
On Fri, 2019-05-31 at 16:29 +0800, Young Xiao wrote:
> There is a possible null pointer dereference bug in neigh_fill_info(),
> which is similar to the bug which was fixed in commit 6adc5fd6a142
> ("net/neighbour: fix crash at dumping device-agnostic proxy entries").
>
> Signed-off-by: Young Xiao <92siuyang@gmail.com>
> ---
> net/core/neighbour.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index dfa8710..33c3ff1 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -2440,7 +2440,7 @@ static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
> ndm->ndm_pad2 = 0;
> ndm->ndm_flags = neigh->flags;
> ndm->ndm_type = neigh->type;
> - ndm->ndm_ifindex = neigh->dev->ifindex;
> + ndm->ndm_ifindex = neigh->dev ? neigh->dev->ifindex : 0;
>
> if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
> goto nla_put_failure;
AFAICS, neigh->dev is requested to be != NULL at neighbour creation
time (see ___neigh_create()), so the above NULL ptr dereference looks
impossible. Am I missing something?
Thanks,
Paolo
* Re: [PATCH] net/neighbour: fix potential null pointer deference
From: Eric Dumazet @ 2019-05-31 14:56 UTC
To: Young Xiao, davem, dsahern, roopa, christian, khlebnikov, netdev
On 5/31/19 1:29 AM, Young Xiao wrote:
> There is a possible null pointer dereference bug in neigh_fill_info(),
> which is similar to the bug which was fixed in commit 6adc5fd6a142
> ("net/neighbour: fix crash at dumping device-agnostic proxy entries").
>
> Signed-off-by: Young Xiao <92siuyang@gmail.com>
> ---
> net/core/neighbour.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/core/neighbour.c b/net/core/neighbour.c
> index dfa8710..33c3ff1 100644
> --- a/net/core/neighbour.c
> +++ b/net/core/neighbour.c
> @@ -2440,7 +2440,7 @@ static int neigh_fill_info(struct sk_buff *skb, struct neighbour *neigh,
> ndm->ndm_pad2 = 0;
> ndm->ndm_flags = neigh->flags;
> ndm->ndm_type = neigh->type;
> - ndm->ndm_ifindex = neigh->dev->ifindex;
> + ndm->ndm_ifindex = neigh->dev ? neigh->dev->ifindex : 0;
>
> if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
> goto nla_put_failure;
>
When was the bug added exactly?
Hint: We want a Fixes: tag, so that we can fully understand the issue and make sure the
fix is complete.
Otherwise, your patch might very well have been randomly generated by a bot.
Thank you.