Re: [RFC: 2.6.25 patch] ipv4/fib_hash.c: fix NULL dereference

view
thread

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

From: Eric Dumazet

Subject: Re: [RFC: 2.6.25 patch] ipv4/fib_hash.c: fix NULL dereference

Date: Tuesday, February 19, 2008 - 4:06 pm

Adrian Bunk a écrit :
quoted text> Unless I miss a guaranteed relation between between "f" and 
> "new_fa->fa_info" this patch is required for fixing a NULL dereference
> introduced by commit a6501e080c318f8d4467679d17807f42b3a33cd5 and 
> spotted by the Coverity checker.
> 
> Signed-off-by: Adrian Bunk <bunk@kernel.org>
> 
> ---
> 
>  net/ipv4/fib_hash.c |   10 +++++-----
>  1 file changed, 5 insertions(+), 5 deletions(-)
> 
> --- linux-2.6/net/ipv4/fib_hash.c.old	2008-02-19 23:23:14.000000000 +0200
> +++ linux-2.6/net/ipv4/fib_hash.c	2008-02-19 23:38:28.000000000 +0200
> @@ -367,17 +367,18 @@ static struct fib_node *fib_find_node(st
>  	}
>  
>  	return NULL;
>  }
>  
>  static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg)
>  {
>  	struct fn_hash *table = (struct fn_hash *) tb->tb_data;
> -	struct fib_node *new_f, *f;
> +	struct fib_node *new_f = NULL;
> +	struct fib_node *f;
>  	struct fib_alias *fa, *new_fa;
>  	struct fn_zone *fz;
>  	struct fib_info *fi;
>  	u8 tos = cfg->fc_tos;
>  	__be32 key;
>  	int err;
>  
>  	if (cfg->fc_dst_len > 32)
> @@ -491,33 +492,32 @@ static int fn_hash_insert(struct fib_tab
>  	}
>  
>  	err = -ENOENT;
>  	if (!(cfg->fc_nlflags & NLM_F_CREATE))
>  		goto out;
>  
>  	err = -ENOBUFS;
>  
> -	new_f = NULL;
>  	if (!f) {
>  		new_f = kmem_cache_zalloc(fn_hash_kmem, GFP_KERNEL);
>  		if (new_f == NULL)
>  			goto out;
>  
>  		INIT_HLIST_NODE(&new_f->fn_hash);
>  		INIT_LIST_HEAD(&new_f->fn_alias);
>  		new_f->fn_key = key;
>  		f = new_f;
>  	}
>  
>  	new_fa = &f->fn_embedded_alias;
>  	if (new_fa->fa_info != NULL) {
>  		new_fa = kmem_cache_alloc(fn_alias_kmem, GFP_KERNEL);
>  		if (new_fa == NULL)
> -			goto out_free_new_f;
> +			goto out;
>  	}
>  	new_fa->fa_info = fi;
>  	new_fa->fa_tos = tos;
>  	new_fa->fa_type = cfg->fc_type;
>  	new_fa->fa_scope = cfg->fc_scope;
>  	new_fa->fa_state = 0;
>  
>  	/*
> @@ -535,19 +535,19 @@ static int fn_hash_insert(struct fib_tab
>  	if (new_f)
>  		fz->fz_nent++;
>  	rt_cache_flush(-1);
>  
>  	rtmsg_fib(RTM_NEWROUTE, key, new_fa, cfg->fc_dst_len, tb->tb_id,
>  		  &cfg->fc_nlinfo, 0);
>  	return 0;
>  
> -out_free_new_f:
> -	kmem_cache_free(fn_hash_kmem, new_f);
>  out:
> +	if (new_f)
> +		kmem_cache_free(fn_hash_kmem, new_f);
>  	fib_release_info(fi);
>  	return err;
>  }
>  
>  
>  static int fn_hash_delete(struct fib_table *tb, struct fib_config *cfg)
>  {
>  	struct fn_hash *table = (struct fn_hash*)tb->tb_data;
> 

Hum, you are right, kmem_cache_free() doesnt allow a NULL object, like kfree() 
does.


--
unsubscribe noticeTo unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

[RFC: 2.6.25 patch] ipv4/fib_hash.c: fix NULL dereference, Adrian Bunk, (Tue Feb 19, 3:49 pm)

Re: [RFC: 2.6.25 patch] ipv4/fib_hash.c: fix NULL dereference, Eric Dumazet, (Tue Feb 19, 4:06 pm)

Re: [RFC: 2.6.25 patch] ipv4/fib_hash.c: fix NULL dereference, David Miller, (Tue Feb 19, 5:29 pm)

Navigation

Popular discussions


linux-kernel:
Mel Gorman	Re: [PATCH 1/4] vmstat: remove zone->lock from walk_zones_in_node
Guenter Roeck	Re: [lm-sensors] Location for thermal drivers
David Woodhouse	Re: RFC: Moving firmware blobs out of the kernel.
Siddha, Suresh B	Re: [PATCH 2.6.21 review I] [11/25] x86: default to physical mode on hotplug CPU k...
Peter Zijlstra	Re: [patch 4/6] mm: merge populate and nopage into fault (fixes nonlinear)
git-commits-head:
Linux Kernel Mailing List	[MIPS] Fix potential latency problem due to non-atomic cpu_wait.
Linux Kernel Mailing List	USB: rename USB_SPEED_VARIABLE to USB_SPEED_WIRELESS
Linux Kernel Mailing List	lib/vsprintf.c: fix bug omitting minus sign of numbers (module_param)
Linux Kernel Mailing List	[Bluetooth] Initiate authentication during connection establishment
Linux Kernel Mailing List	[POWERPC] 4xx: Add ppc40x_defconfig
linux-netdev:
MERCEDES	Your mail id has won 950,000.00 in the MERCEDES Benz Online Promo.for claims send:
David Miller	Re: [PATCH] xen/netfront: do not mark packets of length < MSS as GSO
David Miller	Re: skb_segment() questions
Shan Wei	[RFC PATCH net-next 2/5]IPv6:netfilter: Send an ICMPv6 "Fragment Reassembly Timeou...
Stanislaw Gruszka	[PATCH 1/4] bnx2x: use smp_mb() to keep ordering of read write operations
git:
Nicolas Sebrecht	git-svn died of signal 11 (was "3 failures on test t9100 (svn)")
Junio C Hamano	Re: [PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
Martin Langhoff	Re: [PATCH] GIT commit statistics.
Alexandre Julliard	[PATCH] gitweb: Put back shortlog instead of graphiclog in the project list.
Josh Triplett	[PATCH 2/2] Add url.<base>.pushInsteadOf: URL rewriting for push only
openbsd-misc:
Taisto Qvist XX	Re: AMD GEODE LX-800 just works with kernel from install42.iso and kernelpanics wi...
Nico Meijer	Re: gOS Develop Kit with VIA pc-1 Processor Platform VIA C7-D
Andreas Bihlmaier	Re: jetway board sensors (Fintek F71805F)
admin	Drive a 2009 car from R799p/m
Antti Harri	Re: how to create a sha256 hash

Colocation donated by:

Syndicate