From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Guillaume Nault <g.nault@alphalink.fr>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.18 10/20] l2tp: check ps->sock before running pppol2tp_session_ioctl()
Date: Thu, 16 Nov 2017 18:28:17 +0100 [thread overview]
Message-ID: <20171116172722.168151920@linuxfoundation.org> (raw)
In-Reply-To: <20171116172721.759231192@linuxfoundation.org>
3.18-stable review patch. If anyone has any objections, please let me know.
------------------
From: Guillaume Nault <g.nault@alphalink.fr>
[ Upstream commit 5903f594935a3841137c86b9d5b75143a5b7121c ]
When pppol2tp_session_ioctl() is called by pppol2tp_tunnel_ioctl(),
the session may be unconnected. That is, it was created by
pppol2tp_session_create() and hasn't been connected with
pppol2tp_connect(). In this case, ps->sock is NULL, so we need to check
for this case in order to avoid dereferencing a NULL pointer.
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/l2tp/l2tp_ppp.c | 3 +++
1 file changed, 3 insertions(+)
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -1017,6 +1017,9 @@ static int pppol2tp_session_ioctl(struct
session->name, cmd, arg);
sk = ps->sock;
+ if (!sk)
+ return -EBADR;
+
sock_hold(sk);
switch (cmd) {
next prev parent reply other threads:[~2017-11-16 17:28 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-16 17:28 [PATCH 3.18 00/20] 3.18.82-stable review Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 01/20] [PATCH] Revert "ceph: unlock dangling spinlock in try_flush_caps()" Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 02/20] mac80211: accept key reinstall without changing anything Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 03/20] mac80211: use constant time comparison with keys Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 04/20] mac80211: dont compare TKIP TX MIC key in reinstall prevention Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 05/20] usb: usbtest: fix NULL pointer dereference Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 06/20] Input: ims-psu - check if CDC union descriptor is sane Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 08/20] tun/tap: sanitize TUNSETSNDBUF input Greg Kroah-Hartman
2017-11-16 21:25 ` Craig Gallek
2017-11-17 7:59 ` Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 09/20] tcp: fix tcp_mtu_probe() vs highest_sack Greg Kroah-Hartman
2017-11-16 17:28 ` Greg Kroah-Hartman [this message]
2017-11-16 17:28 ` [PATCH 3.18 11/20] tun: call dev_get_valid_name() before register_netdevice() Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 12/20] sctp: add the missing sock_owned_by_user check in sctp_icmp_redirect Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 13/20] net/unix: dont show information about sockets from other namespaces Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 14/20] tun: allow positive return values on dev_get_valid_name() call Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 15/20] sctp: reset owner sk for data chunks on out queues when migrating a sock Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 16/20] ipv6: flowlabel: do not leave opt->tot_len with garbage Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 17/20] ipip: only increase err_count for some certain type icmp in ipip_err Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 18/20] ip6_gre: only increase err_count for some certain type icmpv6 in ip6gre_err Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 19/20] security/keys: add CONFIG_KEYS_COMPAT to Kconfig Greg Kroah-Hartman
2017-11-16 17:28 ` [PATCH 3.18 20/20] target/iscsi: Fix iSCSI task reassignment handling Greg Kroah-Hartman
2017-11-16 22:43 ` [PATCH 3.18 00/20] 3.18.82-stable review Shuah Khan
2017-11-17 2:00 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171116172722.168151920@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=g.nault@alphalink.fr \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox