nbd_genl_status: null check for nla_nest_start

hulk inclusion category: bugfix bugzilla: NA CVE: CVE-2019-16089 --------------------------- nla_nest_start may fail and return NULL. The check is inserted, and errno is selected based on other call sites within the same source code. Update: removed extra new line. v3 Update: added release reply, thanks to Michal Kubecek for pointing out. Signed-off-by: N Navid Emamdoost <navid.emamdoost@gmail.com> Reviewed-by: N Michal Kubecek <mkubecek@suse.cz> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

nbd_genl_status: null check for nla_nest_start
hulk inclusion category: bugfix bugzilla: NA CVE: CVE-2019-16089 --------------------------- nla_nest_start may fail and return NULL. The check is inserted, and errno is selected based on other call sites within the same source code. Update: removed extra new line. v3 Update: added release reply, thanks to Michal Kubecek for pointing out. Signed-off-by: N Navid Emamdoost <navid.emamdoost@gmail.com> Reviewed-by: N Michal Kubecek <mkubecek@suse.cz> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com> Reviewed-by: N Jason Yan <yanaijie@huawei.com> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
63149a11 · Navid Emamdoost · Yang Yingliang · b3340087 · 63149a11
隐藏空白更改
内联并排

Showing with 6 addition and 0 deletion

drivers/block/nbd.c drivers/block/nbd.c +6 -0

未找到文件。
--- a/drivers/block/nbd.c
+++ b/drivers/block/nbd.c
@@ -2169,6 +2169,12 @@ static int nbd_genl_status(struct sk_buff *skb, struct genl_info *info)
 	}
 	dev_list = nla_nest_start(reply, NBD_ATTR_DEVICE_LIST);
+	if (!dev_list) {
+		nlmsg_free(reply);
+		ret = -EMSGSIZE;
+		goto out;
+	}
 	if (index == -1) {
 		ret = idr_for_each(&nbd_index_idr, &status_cb, reply);
 		if (ret) {