[CVE-2014-2678][All Series] rds: prevent dereference of a NULL device in rds_iw_laddr_check
Luis Henriques
luis.henriques at canonical.com
Fri Apr 4 13:32:51 UTC 2014
From: Sasha Levin <sasha.levin at oracle.com>
Binding might result in a NULL device which is later dereferenced
without checking.
Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit bf39b4247b8799935ea91d90db250ab608a58e50)
BugLink: http://bugs.launchpad.net/bugs/1302222
CVE-2014-2678
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
net/rds/iw.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/rds/iw.c b/net/rds/iw.c
index db224f7..bff1e4b 100644
--- a/net/rds/iw.c
+++ b/net/rds/iw.c
@@ -237,7 +237,8 @@ static int rds_iw_laddr_check(__be32 addr)
ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin);
/* due to this, we will claim to support IB devices unless we
check node_type. */
- if (ret || cm_id->device->node_type != RDMA_NODE_RNIC)
+ if (ret || !cm_id->device ||
+ cm_id->device->node_type != RDMA_NODE_RNIC)
ret = -EADDRNOTAVAIL;
rdsdebug("addr %pI4 ret %d node type %d\n",
--
1.9.1
More information about the kernel-team
mailing list