From: Ido Schimmel <[email protected]> Date: Thu, 4 Jul 2019 19:26:38 +0300
> From: Ido Schimmel <[email protected]> > > Both ip_neigh_gw4() and ip_neigh_gw6() can return either a valid pointer > or an error pointer, but the code currently checks that the pointer is > not NULL. > > Fix this by checking that the pointer is not an error pointer, as this > can result in a NULL pointer dereference [1]. Specifically, I believe > that what happened is that ip_neigh_gw4() returned '-EINVAL' > (0xffffffffffffffea) to which the offset of 'refcnt' (0x70) was added, > which resulted in the address 0x000000000000005a. > > [1] ... > Fixes: 5c9f7c1dfc2e ("ipv4: Add helpers for neigh lookup for nexthop") > Signed-off-by: Ido Schimmel <[email protected]> > Reported-by: Shalom Toledo <[email protected]> > Reviewed-by: Jiri Pirko <[email protected]> Applied, thanks.
