summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJulien TINNES <julien@cr0.org>2009-08-27 15:26:58 +0200
committerGreg Kroah-Hartman <gregkh@suse.de>2009-09-08 20:34:04 -0700
commit72b57bef7b0e7e3bae7ef607a05435d8fa115c31 (patch)
treefd6b146f6cabba649ab206ea6abb9559da0dba24
parent36c32cab609e449a3b9fbb0543717799a287eb63 (diff)
downloadlinux-stable-72b57bef7b0e7e3bae7ef607a05435d8fa115c31.tar.gz
linux-stable-72b57bef7b0e7e3bae7ef607a05435d8fa115c31.tar.bz2
linux-stable-72b57bef7b0e7e3bae7ef607a05435d8fa115c31.zip
ipv4: make ip_append_data() handle NULL routing table
commit 788d908f2879a17e5f80924f3da2e23f1034482d upstream. Add a check in ip_append_data() for NULL *rtp to prevent future bugs in callers from being exploitable. Signed-off-by: Julien Tinnes <julien@cr0.org> Signed-off-by: Tavis Ormandy <taviso@sdf.lonestar.org> Acked-by: David S. Miller <davem@davemloft.net> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--net/ipv4/ip_output.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 3e7e910c7c0f..d1d88e6255bc 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -814,6 +814,8 @@ int ip_append_data(struct sock *sk,
inet->cork.addr = ipc->addr;
}
rt = *rtp;
+ if (unlikely(!rt))
+ return -EFAULT;
/*
* We steal reference to this route, caller should not release it
*/