+ Cong and Andrew
On Tue, Oct 22, 2024 at 04:48:25PM +0200, Pablo Neira Ayuso wrote:
> Existing user space applications maintained by the Osmocom project are
> breaking since a recent fix that addresses incorrect error checking.
>
> Restore operation for user space programs that specify -1 as file
> descriptor to skip GTPv0 or GTPv1 only sockets.
>
> Fixes: defd8b3c37b0 ("gtp: fix a potential NULL pointer dereference")
> Reported-by: Pau Espin Pedrol <[email protected]>
> Signed-off-by: Pablo Neira Ayuso <[email protected]>
Reviewed-by: Simon Horman <[email protected]>
> ---
> drivers/net/gtp.c | 22 +++++++++++++---------
> 1 file changed, 13 insertions(+), 9 deletions(-)
>
> diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c
> index a60bfb1abb7f..70f981887518 100644
> --- a/drivers/net/gtp.c
> +++ b/drivers/net/gtp.c
> @@ -1702,20 +1702,24 @@ static int gtp_encap_enable(struct gtp_dev *gtp,
> struct nlattr *data[])
> return -EINVAL;
>
> if (data[IFLA_GTP_FD0]) {
> - u32 fd0 = nla_get_u32(data[IFLA_GTP_FD0]);
> + int fd0 = nla_get_u32(data[IFLA_GTP_FD0]);
>
> - sk0 = gtp_encap_enable_socket(fd0, UDP_ENCAP_GTP0, gtp);
> - if (IS_ERR(sk0))
> - return PTR_ERR(sk0);
> + if (fd0 >= 0) {
> + sk0 = gtp_encap_enable_socket(fd0, UDP_ENCAP_GTP0, gtp);
> + if (IS_ERR(sk0))
> + return PTR_ERR(sk0);
> + }
> }
>
> if (data[IFLA_GTP_FD1]) {
> - u32 fd1 = nla_get_u32(data[IFLA_GTP_FD1]);
> + int fd1 = nla_get_u32(data[IFLA_GTP_FD1]);
>
> - sk1u = gtp_encap_enable_socket(fd1, UDP_ENCAP_GTP1U, gtp);
> - if (IS_ERR(sk1u)) {
> - gtp_encap_disable_sock(sk0);
> - return PTR_ERR(sk1u);
> + if (fd1 >= 0) {
> + sk1u = gtp_encap_enable_socket(fd1, UDP_ENCAP_GTP1U,
> gtp);
> + if (IS_ERR(sk1u)) {
> + gtp_encap_disable_sock(sk0);
> + return PTR_ERR(sk1u);
> + }
> }
> }
>
> --
> 2.30.2
>
>
