Re: [PATCH] ip6_offload: check segs for NULL in ipv6_gso_segment.

From: Eric Dumazet
Date: Thu Dec 01 2016 - 09:34:42 EST

Next message: Benjamin Tissoires: "Re: [PATCH v2 1/2] devicetree: i2c-hid: Add Wacom digitizer + regulator support"
Previous message: Rafael J. Wysocki: "Re: [PATCH V5] PM / OPP: Pass opp_table to dev_pm_opp_put_regulator()"
In reply to: Artem Savkov: "[PATCH] ip6_offload: check segs for NULL in ipv6_gso_segment."
Next in thread: Artem Savkov: "Re: [PATCH] ip6_offload: check segs for NULL in ipv6_gso_segment."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, 2016-12-01 at 14:06 +0100, Artem Savkov wrote:
> segs needs to be checked for being NULL in ipv6_gso_segment() before calling
> skb_shinfo(segs), otherwise kernel can run into a NULL-pointer dereference:

> Signed-off-by: Artem Savkov <asavkov@xxxxxxxxxx>
> ---
>

> diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c
> index 1fcf61f..89c59e6 100644
> --- a/net/ipv6/ip6_offload.c
> +++ b/net/ipv6/ip6_offload.c
> @@ -99,7 +99,7 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb,
> segs = ops->callbacks.gso_segment(skb, features);
> }
>
> - if (IS_ERR(segs))
> + if (IS_ERR_OR_NULL(segs))
> goto out;
>
> gso_partial = !!(skb_shinfo(segs)->gso_type & SKB_GSO_PARTIAL);

Do you know when was this bug added ?

Are you sure this is the right fix ?

Which gso_segment() is returning NULL exactly ?

Thanks.

Next message: Benjamin Tissoires: "Re: [PATCH v2 1/2] devicetree: i2c-hid: Add Wacom digitizer + regulator support"
Previous message: Rafael J. Wysocki: "Re: [PATCH V5] PM / OPP: Pass opp_table to dev_pm_opp_put_regulator()"
In reply to: Artem Savkov: "[PATCH] ip6_offload: check segs for NULL in ipv6_gso_segment."
Next in thread: Artem Savkov: "Re: [PATCH] ip6_offload: check segs for NULL in ipv6_gso_segment."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]