From mboxrd@z Thu Jan  1 00:00:00 1970
From: Kangjie Lu <kjlu@umn.edu>
Subject: [PATCH] netfilter: fix a missing check of nla put failure
Date: Fri, 21 Dec 2018 00:46:23 -0600
Message-ID: <20181221064623.59988-1-kjlu@umn.edu>
Cc: pakki001@umn.edu, Pablo Neira Ayuso <pablo@netfilter.org>,
        Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>,
        Florian Westphal <fw@strlen.de>,
        "David S. Miller" <davem@davemloft.net>,
        netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
        netdev@vger.kernel.org, linux-kernel@vger.kernel.org
To: kjlu@umn.edu
Return-path: <netdev-owner@vger.kernel.org>
Received: from mta-p5.oit.umn.edu ([134.84.196.205]:50920 "EHLO
        mta-p5.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1731581AbeLUGqt (ORCPT
        <rfc822;netdev@vger.kernel.org>); Fri, 21 Dec 2018 01:46:49 -0500
Received: from localhost (unknown [127.0.0.1])
        by mta-p5.oit.umn.edu (Postfix) with ESMTP id D92ACCFB
        for <netdev@vger.kernel.org>; Fri, 21 Dec 2018 06:46:47 +0000 (UTC)
Received: from mta-p5.oit.umn.edu ([127.0.0.1])
        by localhost (mta-p5.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id aiHjhGw4RiOg for <netdev@vger.kernel.org>;
        Fri, 21 Dec 2018 00:46:47 -0600 (CST)
Received: from mail-io1-f72.google.com (mail-io1-f72.google.com [209.85.166.72])
        (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mta-p5.oit.umn.edu (Postfix) with ESMTPS id A893FCF6
        for <netdev@vger.kernel.org>; Fri, 21 Dec 2018 00:46:47 -0600 (CST)
Received: by mail-io1-f72.google.com with SMTP id u2so3491035iob.7
        for <netdev@vger.kernel.org>; Thu, 20 Dec 2018 22:46:47 -0800 (PST)
Sender: netdev-owner@vger.kernel.org
List-ID: <netdev.vger.kernel.org>

If nla_nest_start() may fail. The fix checks its return value and goes
to nla_put_failure if it fails.

Signed-off-by: Kangjie Lu <kjlu@umn.edu>
---
 net/netfilter/nf_tables_api.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
index 2e61aab6ed73..bc1b9814f2ee 100644
--- a/net/netfilter/nf_tables_api.c
+++ b/net/netfilter/nf_tables_api.c
@@ -5689,6 +5689,8 @@ static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net,
 		goto nla_put_failure;
 
 	nest = nla_nest_start(skb, NFTA_FLOWTABLE_HOOK);
+	if (!nest)
+		goto nla_put_failure;
 	if (nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_NUM, htonl(flowtable->hooknum)) ||
 	    nla_put_be32(skb, NFTA_FLOWTABLE_HOOK_PRIORITY, htonl(flowtable->priority)))
 		goto nla_put_failure;
-- 
2.17.2 (Apple Git-113)