Jiecheng Wu <jasonwood2...@gmail.com> writes:
> Function ovs_ct_limit_cmd_get() defined in net/openvswitch/conntrack.c may
> cause a null pointer dereference as it calls nla_nest_start which may return
> NULL. The returned value is used in function nla_nest_end() later where the
> pointer is dereferenced.
> ---
> net/openvswitch/conntrack.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/net/openvswitch/conntrack.c b/net/openvswitch/conntrack.c
> index 284aca2..dad0456 100644
> --- a/net/openvswitch/conntrack.c
> +++ b/net/openvswitch/conntrack.c
> @@ -2132,6 +2132,10 @@ static int ovs_ct_limit_cmd_get(struct sk_buff *skb,
> struct genl_info *info)
> return PTR_ERR(reply);
>
> nla_reply = nla_nest_start(reply, OVS_CT_LIMIT_ATTR_ZONE_LIMIT);
> + if (!nla_reply) {
> + err = -ENOMEM;
> + goto exit_err;
> + }
>
> if (a[OVS_CT_LIMIT_ATTR_ZONE_LIMIT]) {
> err = ovs_ct_limit_get_zone_limit(
This patch is appropriate to the net...@vger.kernel.org mailing list. A
version was submitted already by Stephen Hemminger (Cc'd).
See:
https://mail.openvswitch.org/pipermail/ovs-dev/2018-July/349816.html
Looks like these were not accepted per David's response at:
https://mail.openvswitch.org/pipermail/ovs-dev/2018-July/349929.html
Stephen, are you going to resubmit your patches to netdev?
_______________________________________________
dev mailing list
d...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-dev
