AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-11-24 15:01:13 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity

[NET_SCHED]: cls_basic: fix NULL pointer dereference

Browse Source 
cls_basic doesn't allocate tp->root before it is linked into the
active classifier list, resulting in a NULL pointer dereference
when packets hit the classifier before its ->change function is
called.

Reported by Chris Madden <chris@reflexsecurity.com>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Patrick McHardy 2007-03-24 22:13:06 -07:00 committed by David S. Miller
parent c93a882ebe
commit d3fa76ee6b
1 changed files with 7 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
net/sched/cls_basic.c
View File

@ -81,6 +81,13 @@ static void basic_put(struct tcf_proto *tp, unsigned long f)
static int basic_init(struct tcf_proto *tp) static int basic_init(struct tcf_proto *tp)
{ {
struct basic_head *head;
head = kzalloc(sizeof(*head), GFP_KERNEL);
if (head == NULL)
return -ENOBUFS;
INIT_LIST_HEAD(&head->flist);
tp->root = head;
return 0; return 0;
} }
@ -176,15 +183,6 @@ static int basic_change(struct tcf_proto *tp, unsigned long base, u32 handle,
} }
err = -ENOBUFS; err = -ENOBUFS;
if (head == NULL) {
head = kzalloc(sizeof(*head), GFP_KERNEL);
if (head == NULL)
goto errout;
INIT_LIST_HEAD(&head->flist);
tp->root = head;
}
f = kzalloc(sizeof(*f), GFP_KERNEL); f = kzalloc(sizeof(*f), GFP_KERNEL);
if (f == NULL) if (f == NULL)
goto errout; goto errout;