• net: fix NULL pointer reference in cipso_v4_doi_free · e842cb60
    王贇 committed on
    In netlbl_cipsov4_add_std() when 'doi_def->map.std' alloc
    failed, we sometimes observe a panic:
    
      BUG: kernel NULL pointer dereference, address:
      ...
      RIP: 0010:cipso_v4_doi_free+0x3a/0x80
      ...
      Call Trace:
       netlbl_cipsov4_add_std+0xf4/0x8c0
       netlbl_cipsov4_add+0x13f/0x1b0
       genl_family_rcv_msg_doit.isra.15+0x132/0x170
       genl_rcv_msg+0x125/0x240
    
    This is because in cipso_v4_doi_free() there is no check
    on 'doi_def->map.std' when doi_def->type has the value 1, which
    is possible, since netlbl_cipsov4_add_std() hasn't initialized
    it before allocating 'doi_def->map.std'.
    
    This patch just adds the check to prevent the panic from happening
    in similar cases.
    Reported-by: Abaci <abaci@linux.alibaba.com>
    Signed-off-by: Michael Wang <yun.wang@linux.alibaba.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
netlabel_cipso_v4.c 21.1 KB
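
The failure mode described in the commit message, as an added userspace model (this is not the kernel's code, and every struct, enum and function name in it is hypothetical). It injects a failure into the map allocation and shows that the unchecked free would dereference NULL only when the not-yet-initialized type field happens to hold 1, which is why the panic was seen only sometimes.

```c
#include <stdlib.h>
/* Userspace model; all names are hypothetical, not kernel definitions. */
enum { MAP_UNKNOWN = 0, MAP_TRANS = 1 };  /* 1: the type value from the commit message */
struct std_map { int *lvl; };
struct doi { int type; struct std_map *std; };
static int alloc_calls, fail_at = -1;     /* fault injection: which allocation fails */

static void *model_alloc(size_t n)
{
    return (alloc_calls++ == fail_at) ? NULL : calloc(1, n);
}

/* Pre-patch shape: type 1 reads d->std->lvl unchecked. Reports, does not perform. */
static int unchecked_free_would_crash(const struct doi *d)
{
    return d && d->type == MAP_TRANS && d->std == NULL;
}

/* Patched shape: test the nested pointer before dereferencing it. */
static void doi_free(struct doi *d)
{
    if (!d)
        return;
    if (d->std && d->type == MAP_TRANS)
        free(d->std->lvl);
    free(d->std);
    free(d);
}

/* Add path: type is assigned only after the map allocation succeeds, so on
 * failure it holds stale memory contents, modelled here by stale_type. */
static int doi_add_std(int stale_type, int fail_alloc, int *would_crash)
{
    struct doi *d;
    int rc = -1;
    alloc_calls = 0;
    fail_at = fail_alloc;
    *would_crash = 0;
    if (!(d = model_alloc(sizeof(*d))))
        return rc;
    d->type = stale_type;                 /* stands in for uninitialized memory */
    d->std = model_alloc(sizeof(*d->std));
    *would_crash = unchecked_free_would_crash(d);
    if (d->std) {
        d->type = MAP_TRANS;
        d->std->lvl = model_alloc(8 * sizeof(int));
        rc = d->std->lvl ? 0 : -1;
    }
    doi_free(d);  /* model only: freed on success too */
    return rc;
}
```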