Ack: [CVE-2014-2678][All Series] rds: prevent dereference of a NULL device in rds_iw_laddr_check

Brad Figg brad.figg at canonical.com
Fri Apr 4 14:03:39 UTC 2014


On 04/04/2014 06:32 AM, Luis Henriques wrote:
> From: Sasha Levin <sasha.levin at oracle.com>
> 
> Binding might result in a NULL device which is later dereferenced
> without checking.
> 
> Signed-off-by: Sasha Levin <sasha.levin at oracle.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> (cherry picked from commit bf39b4247b8799935ea91d90db250ab608a58e50)
> BugLink: http://bugs.launchpad.net/bugs/1302222
> CVE-2014-2678
> Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
> ---
>  net/rds/iw.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/rds/iw.c b/net/rds/iw.c
> index db224f7..bff1e4b 100644
> --- a/net/rds/iw.c
> +++ b/net/rds/iw.c
> @@ -237,7 +237,8 @@ static int rds_iw_laddr_check(__be32 addr)
>  	ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin);
>  	/* due to this, we will claim to support IB devices unless we
>  	   check node_type. */
> -	if (ret || cm_id->device->node_type != RDMA_NODE_RNIC)
> +	if (ret || !cm_id->device ||
> +	    cm_id->device->node_type != RDMA_NODE_RNIC)
>  		ret = -EADDRNOTAVAIL;
>  
>  	rdsdebug("addr %pI4 ret %d node type %d\n",
> 
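
Review bot: The rdsdebug() call in the trailing context still prints a "node type %d" value after the new !cm_id->device test, and its arguments fall outside the lines shown in this hunk. If that argument reads cm_id->device->node_type unconditionally, the NULL dereference removed from the if condition stays reachable on the debug path. Please confirm the argument is guarded against a NULL device, or extend the hunk context so it is visible. Since the added test only matters when ret is 0, the commit message would also be clearer if it said when rdma_bind_addr() can succeed and still leave cm_id->device NULL, which helps when judging the backport for each series.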


-- 
Brad Figg brad.figg at canonical.com http://www.canonical.com



