ipv4: Fix crashes in fib_rules_tclass().

All paths assume, when CONFIG_IP_MULTIPLE_TABLES is enabled, that any
successful call to fib_lookup() will initialize the fib_result->r
value to something.

We violated that expectation in the new fib_lookup() fast path.

Reported-by: Or Gerlitz <ogerlitz@mellanox.com>
Tested-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Greg Rose <gregory.v.rose@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index 539c6721f810154c992d23426eba6f1f11e3c3c5..000c4674e18e0169ffc810c5b22fc25ff0cc8958 100644 (file)
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -230,6 +230,7 @@ static inline int fib_lookup(struct net *net, struct flowi4 *flp,
                             struct fib_result *res)
 {
        if (!net->ipv4.fib_has_custom_rules) {
+               res->r = NULL;
                if (net->ipv4.fib_local &&
                    !fib_table_lookup(net->ipv4.fib_local, flp, res,
                                      FIB_LOOKUP_NOREF))