Jiecheng Wu <jasonwood2...@gmail.com> writes: > Function ovs_ct_limit_cmd_get() defined in net/openvswitch/conntrack.c may > cause a null pointer dereference as it calls nla_nest_start which may return > NULL. The returned value is used in function nla_nest_end() later where the > pointer is dereferenced. > --- > net/openvswitch/conntrack.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c > index 284aca2..dad0456 100644 > --- a/net/openvswitch/conntrack.c > +++ b/net/openvswitch/conntrack.c > @@ -2132,6 +2132,10 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb, > struct genl_info *info) > return PTR_ERR(reply); > > nla_reply = nla_nest_start(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT); > + if (!nla_reply) { > + err = -ENOMEM; > + goto exit_err; > + } > > if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) { > err = ovs_ct_limit_get_zone_limit(
This patch is appropriate to the net...@vger.kernel.org mailing list. A version was submitted already by Stephen Hemminger (Cc'd). See: https://mail.openvswitch.org/pipermail/ovs-dev/2018-July/349816.html Looks like these were not accepted per David's response at: https://mail.openvswitch.org/pipermail/ovs-dev/2018-July/349929.html Stephen, are you going to resubmit your patches to netdev? _______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev