netlink: reset extack earlier in netlink_rcv_skb

Move up the extack reset/initialization in netlink_rcv_skb, so that those 'goto ack' will not skip it. Otherwise, later on netlink_ack may use the uninitialized extack and cause kernel crash. Fixes: cbbdf8433a5f ("netlink: extack needs to be reset each time through loop") Reported-by: syzbot+03bee3680a37466775e7@syzkaller.appspotmail.com Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: David Ahern <dsahern@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Xin Long <lucien.xin@gmail.com> 2018-01-18 14:48:03 +0800
committer: David S. Miller <davem@davemloft.net> 2018-01-18 15:14:51 -0500
commit: cd443f1e91ca600a092e780e8250cd6a2954b763 (patch)
tree: f76635f6578e3aaab43c44704889cbc27b788220 /net
parent: 7155f8f391576f133ed26c8d6bb8c7f03ceb404a (diff)
download: linux-cd443f1e91ca600a092e780e8250cd6a2954b763.tar.bz2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 47ef2d8683d6..84a4e4c3be4b 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2391,6 +2391,7 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
 	while (skb->len >= nlmsg_total_size(0)) {
 		int msglen;
 
+		memset(&extack, 0, sizeof(extack));
 		nlh = nlmsg_hdr(skb);
 		err = 0;
 
@@ -2405,7 +2406,6 @@ int netlink_rcv_skb(struct sk_buff *skb, int (*cb)(struct sk_buff *,
 		if (nlh->nlmsg_type < NLMSG_MIN_TYPE)
 			goto ack;
 
-		memset(&extack, 0, sizeof(extack));
 		err = cb(skb, nlh, &extack);
 		if (err == -EINTR)
 			goto skip;
author	Xin Long <lucien.xin@gmail.com>	2018-01-18 14:48:03 +0800
committer	David S. Miller <davem@davemloft.net>	2018-01-18 15:14:51 -0500
commit	cd443f1e91ca600a092e780e8250cd6a2954b763 (patch)
tree	f76635f6578e3aaab43c44704889cbc27b788220 /net
parent	7155f8f391576f133ed26c8d6bb8c7f03ceb404a (diff)
download	linux-cd443f1e91ca600a092e780e8250cd6a2954b763.tar.bz2