On Mon, 29 Jul 2019 12:30:55 +0200, Jiri Benc wrote:
> Are you sure rt6_lookup can never return a non-NULL rt with rt->dst.dev
> being NULL? You'd leak the reference in such case.
In fact, you're introducing a bug, not fixing one. ip6_rt_put does
accept NULL parameter. And it seems you already
On Mon, 29 Jul 2019 18:26:11 +0800, Jia-Ju Bai wrote:
> --- a/drivers/net/geneve.c
> +++ b/drivers/net/geneve.c
> @@ -1521,9 +1521,10 @@ static void geneve_link_config(struct net_device *dev,
> rt = rt6_lookup(geneve->net, >key.u.ipv6.dst, NULL, 0,
>
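Review bot: after the rt6_lookup() call, the reference must still be dropped whenever rt is non-NULL, including when rt->dst.dev is NULL. If the added line puts ip6_rt_put(rt) under the `if (rt && rt->dst.dev)` test, that case skips the release; guard the call on rt alone or leave it unconditional, and state in the commit message whether ip6_rt_put() actually dereferences a NULL argument.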
In geneve_link_config(), there is an if statement on line 1524 to check
whether rt is NULL:
    if (rt && rt->dst.dev)
When rt is NULL, it is used on line 1526:
    ip6_rt_put(rt)
        dst_release(&rt->dst);
Thus, a possible null-pointer dereference may occur.
To fix this bug, ip6_rt_put(rt) is