subject:"\[PATCH\] net\: geneve\: Fix a possible null\-pointer dereference in geneve_link_config\(\)"

Re: [PATCH] net: geneve: Fix a possible null-pointer dereference in geneve_link_config()

2019-07-29 Thread Jiri Benc

On Mon, 29 Jul 2019 12:30:55 +0200, Jiri Benc wrote: > Are you sure rt6_lookup can never return a non-NULL rt with rt->dst.dev > being NULL? You'd leak the reference in such case. In fact, you're introducing a bug, not fixing one. ip6_rt_put does accept NULL parameter. And it seems you already

Re: [PATCH] net: geneve: Fix a possible null-pointer dereference in geneve_link_config()

2019-07-29 Thread Jiri Benc

On Mon, 29 Jul 2019 18:26:11 +0800, Jia-Ju Bai wrote: > --- a/drivers/net/geneve.c > +++ b/drivers/net/geneve.c > @@ -1521,9 +1521,10 @@ static void geneve_link_config(struct net_device *dev, > rt = rt6_lookup(geneve->net, >key.u.ipv6.dst, NULL, 0, >

[PATCH] net: geneve: Fix a possible null-pointer dereference in geneve_link_config()

2019-07-29 Thread Jia-Ju Bai

In geneve_link_config(), there is an if statement on line 1524 to check whether rt is NULL: if (rt && rt->dst.dev) When rt is NULL, it is used on line 1526: ip6_rt_put(rt) dst_release(>dst); Thus, a possible null-pointer dereference may occur. To fix this bug, ip6_rt_put(rt) is