Re: [patch] ipvs: freeing uninitialized pointer on error

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



	Hello,

On Fri, 25 Jan 2013, Dan Carpenter wrote:

> If state != IP_VS_STATE_BACKUP then tinfo->buf is uninitialized.  If
> kthread_run() fails then it means we free random memory resulting in an
> oops.

	Good catch. Simon, please apply!

	Problem is in 3.5+ caused by commit f73181c828
(ipvs: add support for sync threads)

> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>

Acked-by: Julian Anastasov <ja@xxxxxx>

> diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
> index effa10c..44fd10c 100644
> --- a/net/netfilter/ipvs/ip_vs_sync.c
> +++ b/net/netfilter/ipvs/ip_vs_sync.c
> @@ -1795,6 +1795,8 @@ int start_sync_thread(struct net *net, int state, char *mcast_ifn, __u8 syncid)
>  					     GFP_KERNEL);
>  			if (!tinfo->buf)
>  				goto outtinfo;
> +		} else {
> +			tinfo->buf = NULL;
>  		}
>  		tinfo->id = id;

Regards

--
Julian Anastasov <ja@xxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux