Skip to content

Commit

Permalink
infiniband: avoid dereferencing uninitialized dst on error path
Browse files Browse the repository at this point in the history 
With commit eea40b8 ("infiniband: call ipv6 route lookup
via the stub interface"), if the route lookup fails due to
ipv6 being disabled, the dst variable is left untouched, and
the following dst_release() may access uninitialized memory.

Since ipv6_dst_lookup() always sets dst to NULL in case of
lookup failure with ipv6 enabled, fix the above just
returning the error code if the lookup fails.

Fixes: eea40b8 ("infiniband: call ipv6 route lookup via the stub interface")
Reported-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: Doug Ledford <dledford@redhat.com>
  • Loading branch information
Paolo Abeni authored and Doug Ledford committed May 2, 2017
1 parent 87f0faa commit 24b43c9
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion drivers/infiniband/core/addr.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -446,7 +446,7 @@ static int addr6_resolve(struct sockaddr_in6 *src_in,

ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6);
if (ret < 0)
goto put;
return ret;

rt = (struct rt6_info *)dst;
if (ipv6_addr_any(&fl6.saddr)) {
Expand Down

0 comments on commit 24b43c9

Please sign in to comment.