From: Eric Dumazet <edumazet@google.com>
Date: Fri, 12 Jan 2018 06:31:18 +0000 (-0800)
Subject: ipv6: ip6_make_skb() needs to clear cork.base.dst
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3472170784d849018356e0bcb7d5c993ffc65699;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git

ipv6: ip6_make_skb() needs to clear cork.base.dst


[ Upstream commit 95ef498d977bf44ac094778fd448b98af158a3e6 ]

In my last patch, I missed fact that cork.base.dst was not initialized
in ip6_make_skb() :

If ip6_setup_cork() returns an error, we might attempt a dst_release()
on some random pointer.

Fixes: 862c03ee1deb ("ipv6: fix possible mem leaks in ipv6_make_skb()")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 7ef142706d14..3763dc01e374 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -1735,6 +1735,7 @@ struct sk_buff *ip6_make_skb(struct sock *sk,
 	cork.base.flags = 0;
 	cork.base.addr = 0;
 	cork.base.opt = NULL;
+	cork.base.dst = NULL;
 	v6_cork.opt = NULL;
 	err = ip6_setup_cork(sk, &cork, &v6_cork, ipc6, rt, fl6);
 	if (err) {