Commit 10bfd453 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller

ipv6: fix potential "struct net" leak in inet6_rtm_getaddr()

It seems that if userspace provides a correct IFA_TARGET_NETNSID value
but no IFA_ADDRESS and IFA_LOCAL attributes, inet6_rtm_getaddr()
returns -EINVAL with an elevated "struct net" refcount.

Fixes: 6ecf4c37 ("ipv6: enable IFA_TARGET_NETNSID for RTM_GETADDR")
Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Cc: Christian Brauner <brauner@kernel.org>
Cc: David Ahern <dsahern@kernel.org>
Reviewed-by: default avatarDavid Ahern <dsahern@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 1a825e4c
...@@ -5509,9 +5509,10 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh, ...@@ -5509,9 +5509,10 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr *nlh,
} }
addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer); addr = extract_addr(tb[IFA_ADDRESS], tb[IFA_LOCAL], &peer);
if (!addr) if (!addr) {
return -EINVAL; err = -EINVAL;
goto errout;
}
ifm = nlmsg_data(nlh); ifm = nlmsg_data(nlh);
if (ifm->ifa_index) if (ifm->ifa_index)
dev = dev_get_by_index(tgt_net, ifm->ifa_index); dev = dev_get_by_index(tgt_net, ifm->ifa_index);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment