lwtunnel: check return value of nla_nest_start

Function nla_nest_start() may return a NULL pointer on error. However,
in function lwtunnel_fill_encap(), the return value of nla_nest_start()
is not validated before it is used. This patch checks the return value
of nla_nest_start() against NULL.

Signed-off-by: Pan Bian <bianpan2016@163.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c
index b588819..5cbed38 100644 (file)
--- a/net/core/lwtunnel.c
+++ b/net/core/lwtunnel.c
@@ -214,6 +214,8 @@ int lwtunnel_fill_encap(struct sk_buff *skb, struct lwtunnel_state *lwtstate)
 
        ret = -EOPNOTSUPP;
        nest = nla_nest_start(skb, RTA_ENCAP);
+       if (!nest)
+               goto nla_put_failure;
        rcu_read_lock();
        ops = rcu_dereference(lwtun_encaps[lwtstate->type]);
        if (likely(ops && ops->fill_encap))