[PATCH 4.20 59/76] net: sched: act_tunnel_key: fix NULL pointer dereference during init

From: Greg Kroah-Hartman
Date: Fri Mar 08 2019 - 08:05:48 EST


4.20-stable review patch. If anyone has any objections, please let me know.

------------------

From: Vlad Buslov <vladbu@xxxxxxxxxxxx>

[ Upstream commit a3df633a3c92bb96b06552c3f828d7c267774379 ]

Metadata pointer is only initialized for action TCA_TUNNEL_KEY_ACT_SET, but
it is unconditionally dereferenced in tunnel_key_init() error handler.
Verify that metadata pointer is not NULL before dereferencing it in
tunnel_key_init error handling code.

Fixes: ee28bb56ac5b ("net/sched: fix memory leak in act_tunnel_key_init()")
Signed-off-by: Vlad Buslov <vladbu@xxxxxxxxxxxx>
Reviewed-by: Davide Caratti <dcaratti@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/sched/act_tunnel_key.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/sched/act_tunnel_key.c
+++ b/net/sched/act_tunnel_key.c
@@ -377,7 +377,8 @@ static int tunnel_key_init(struct net *n
return ret;

release_tun_meta:
- dst_release(&metadata->dst);
+ if (metadata)
+ dst_release(&metadata->dst);

err_out:
if (exists)