From: Paolo Abeni Date: Tue, 2 May 2017 14:03:58 +0000 (+0200) Subject: infiniband: avoid dereferencing uninitialized dst on error path X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=24b43c99647bf9be4995e6a6c9c3a923c147770a;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git infiniband: avoid dereferencing uninitialized dst on error path With commit eea40b8f624f ("infiniband: call ipv6 route lookup via the stub interface"), if the route lookup fails due to ipv6 being disabled, the dst variable is left untouched, and the following dst_release() may access uninitialized memory. Since ipv6_dst_lookup() always sets dst to NULL in case of lookup failure with ipv6 enabled, fix the above just returning the error code if the lookup fails. Fixes: eea40b8f624 ("infiniband: call ipv6 route lookup via the stub interface") Reported-by: Sabrina Dubroca Signed-off-by: Paolo Abeni Reviewed-by: Sabrina Dubroca Signed-off-by: Doug Ledford --- diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c index 523d24320100..02971e239a18 100644 --- a/drivers/infiniband/core/addr.c +++ b/drivers/infiniband/core/addr.c @@ -446,7 +446,7 @@ static int addr6_resolve(struct sockaddr_in6 *src_in, ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6); if (ret < 0) - goto put; + return ret; rt = (struct rt6_info *)dst; if (ipv6_addr_any(&fl6.saddr)) {