ipv6_sockglue: Fix a missing-check bug in ip6_ra_control()

In function ip6_ra_control(), the pointer new_ra is allocated a memory space via kmalloc(). And it is used in the following codes. However, when there is a memory allocation error, kmalloc() fails. Thus null pointer dereference may happen. And it will cause the kernel to crash. Therefore, we should check the return value and handle the error. Signed-off-by: Gen Zhang <blackgod016574@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Gen Zhang <blackgod016574@gmail.com> 2019-05-24 11:19:46 +0800
committer: David S. Miller <davem@davemloft.net> 2019-05-25 10:59:45 -0700
commit: 95baa60a0da80a0143e3ddd4d3725758b4513825 (patch)
tree: 92e64fdc3fa8a299c24ab678fc46ad807cb254b2
parent: 4097e9d250fb17958c1d9b94538386edd3f20144 (diff)
download: linux-95baa60a0da80a0143e3ddd4d3725758b4513825.tar.bz2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 40f21fef25ff..0a3d035feb61 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -68,6 +68,8 @@ int ip6_ra_control(struct sock *sk, int sel)
 		return -ENOPROTOOPT;
 
 	new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
+	if (sel >= 0 && !new_ra)
+		return -ENOMEM;
 
 	write_lock_bh(&ip6_ra_lock);
 	for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
author	Gen Zhang <blackgod016574@gmail.com>	2019-05-24 11:19:46 +0800
committer	David S. Miller <davem@davemloft.net>	2019-05-25 10:59:45 -0700
commit	95baa60a0da80a0143e3ddd4d3725758b4513825 (patch)
tree	92e64fdc3fa8a299c24ab678fc46ad807cb254b2
parent	4097e9d250fb17958c1d9b94538386edd3f20144 (diff)
download	linux-95baa60a0da80a0143e3ddd4d3725758b4513825.tar.bz2