summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGuillaume Nault <g.nault@alphalink.fr>2017-10-13 19:22:35 +0200
committerDavid S. Miller <davem@davemloft.net>2017-10-14 18:38:56 -0700
commit5903f594935a3841137c86b9d5b75143a5b7121c (patch)
treee673eded38ed2855ae9c49dc8e76b0e4cd5a8906
parent09001b03f722be96827bf8df5ba4d48b7ec0cc30 (diff)
downloadlinux-5903f594935a3841137c86b9d5b75143a5b7121c.tar.bz2
l2tp: check ps->sock before running pppol2tp_session_ioctl()
When pppol2tp_session_ioctl() is called by pppol2tp_tunnel_ioctl(), the session may be unconnected. That is, it was created by pppol2tp_session_create() and hasn't been connected with pppol2tp_connect(). In this case, ps->sock is NULL, so we need to check for this case in order to avoid dereferencing a NULL pointer. Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP") Signed-off-by: Guillaume Nault <g.nault@alphalink.fr> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/l2tp/l2tp_ppp.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index bc6e8bfc5be4..f50452b919d5 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -988,6 +988,9 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session,
session->name, cmd, arg);
sk = ps->sock;
+ if (!sk)
+ return -EBADR;
+
sock_hold(sk);
switch (cmd) {