From: David S. Miller Date: Wed, 11 Jul 2012 01:05:28 +0000 (-0700) Subject: ipv4: Fix crashes in fib_rules_tclass(). X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=e044a651b9b7b1b33d8b7fdb2bb27e443f392083;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git ipv4: Fix crashes in fib_rules_tclass(). All paths assume, when CONFIG_IP_MULTIPLE_TABLES is enabled, that any successful call to fib_lookup() will initialize the fib_result->r value to something. We violated that expectation in the new fib_lookup() fast path. Reported-by: Or Gerlitz Tested-by: Eric Dumazet Tested-by: Greg Rose Signed-off-by: David S. Miller --- diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h index 539c6721f810..000c4674e18e 100644 --- a/include/net/ip_fib.h +++ b/include/net/ip_fib.h @@ -230,6 +230,7 @@ static inline int fib_lookup(struct net *net, struct flowi4 *flp, struct fib_result *res) { if (!net->ipv4.fib_has_custom_rules) { + res->r = NULL; if (net->ipv4.fib_local && !fib_table_lookup(net->ipv4.fib_local, flp, res, FIB_LOOKUP_NOREF))