projects / platform / kernel / linux-starfive.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 782710e) | patch
xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.
authorSteffen Klassert <steffen.klassert@secunet.com>
Tue, 11 Sep 2018 08:31:15 +0000 (10:31 +0200)
committerSteffen Klassert <steffen.klassert@secunet.com>
Tue, 11 Sep 2018 09:28:25 +0000 (11:28 +0200)
commit9e1437937807b0122e8da1ca8765be2adca9aee6
tree9da838ab391fbc47b379d00dab98aefe0888639etree | snapshot
parent782710e333a526780d65918d669cb96646983ba2commit | diff
xfrm: Fix NULL pointer dereference when skb_dst_force clears the dst_entry.

Since commit 222d7dbd258d ("net: prevent dst uses after free")
skb_dst_force() might clear the dst_entry attached to the skb.
The xfrm code don't expect this to happen, so we crash with
a NULL pointer dereference in this case. Fix it by checking
skb_dst(skb) for NULL after skb_dst_force() and drop the packet
in cast the dst_entry was cleared.

Fixes: 222d7dbd258d ("net: prevent dst uses after free")
Reported-by: Tobias Hommel <netdev-list@genoetigt.de>
Reported-by: Kristian Evensen <kristian.evensen@gmail.com>
Reported-by: Wolfgang Walter <linux@stwm.de>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
net/xfrm/xfrm_output.c diff | blob | history
net/xfrm/xfrm_policy.c diff | blob | history
Domain: System / Kernel;