[PATCH v2] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect

From: Anastasia Belova
Date: Thu Mar 21 2024 - 08:35:48 EST

Next message: Matthew Wilcox: "Re: summarize all information again at bottom//reply: reply: [PATCH] mm: fix a race scenario in folio_isolate_lru"
Previous message: Simon Horman: "Re: [PATCH 1/1] Documentation: networking: document CAN ISO-TP"
In reply to: Jiri Pirko: "Re: [PATCH] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect"
Next in thread: Denis Kirjanov: "Re: [PATCH v2] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

skb is an optional parameter, so it may be NULL.
Add check defore dereference in eth_hdr.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Fixes: 690e36e726d0 ("net: Allow raw buffers to be passed into the flow dissector.")
Signed-off-by: Anastasia Belova <abelova@xxxxxxxxxxxxx>
---
net/core/flow_dissector.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c
index 272f09251343..68a8228ffae3 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -1139,6 +1139,8 @@ bool __skb_flow_dissect(const struct net *net,

if (dissector_uses_key(flow_dissector,
FLOW_DISSECTOR_KEY_ETH_ADDRS)) {
+ if (!skb)
+ goto out_bad;
struct ethhdr *eth = eth_hdr(skb);
struct flow_dissector_key_eth_addrs *key_eth_addrs;

--
2.30.2

Next message: Matthew Wilcox: "Re: summarize all information again at bottom//reply: reply: [PATCH] mm: fix a race scenario in folio_isolate_lru"
Previous message: Simon Horman: "Re: [PATCH 1/1] Documentation: networking: document CAN ISO-TP"
In reply to: Jiri Pirko: "Re: [PATCH] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect"
Next in thread: Denis Kirjanov: "Re: [PATCH v2] flow_dissector: prevent NULL pointer dereference in __skb_flow_dissect"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]