From: Pan Bian Date: Sun, 23 Apr 2017 06:28:37 +0000 (+0800) Subject: lwtunnel: check return value of nla_nest_start X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=a50fe0ffd76fbd17af36209a16caf0b8ad901fef;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git lwtunnel: check return value of nla_nest_start Function nla_nest_start() may return a NULL pointer on error. However, in function lwtunnel_fill_encap(), the return value of nla_nest_start() is not validated before it is used. This patch checks the return value of nla_nest_start() against NULL. Signed-off-by: Pan Bian Signed-off-by: David S. Miller --- diff --git a/net/core/lwtunnel.c b/net/core/lwtunnel.c index b5888190223c..5cbed3816229 100644 --- a/net/core/lwtunnel.c +++ b/net/core/lwtunnel.c @@ -214,6 +214,8 @@ int lwtunnel_fill_encap(struct sk_buff *skb, struct lwtunnel_state *lwtstate) ret = -EOPNOTSUPP; nest = nla_nest_start(skb, RTA_ENCAP); + if (!nest) + goto nla_put_failure; rcu_read_lock(); ops = rcu_dereference(lwtun_encaps[lwtstate->type]); if (likely(ops && ops->fill_encap))