From 95baa60a0da80a0143e3ddd4d3725758b4513825 Mon Sep 17 00:00:00 2001 From: Gen Zhang Date: Fri, 24 May 2019 11:19:46 +0800 Subject: [PATCH] ipv6_sockglue: Fix a missing-check bug in ip6_ra_control() In function ip6_ra_control(), the pointer new_ra is allocated a memory space via kmalloc(). And it is used in the following codes. However, when there is a memory allocation error, kmalloc() fails. Thus null pointer dereference may happen. And it will cause the kernel to crash. Therefore, we should check the return value and handle the error. Signed-off-by: Gen Zhang Signed-off-by: David S. Miller --- net/ipv6/ipv6_sockglue.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index 40f21fef25ff..0a3d035feb61 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel) return -ENOPROTOOPT; new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; + if (sel >= 0 && !new_ra) + return -ENOMEM; write_lock_bh(&ip6_ra_lock); for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) { -- 2.30.2