tipc: check nl sock before parsing nested attributes

[ Upstream commit 45e093ae2830cd1264677d47ff9a95a71f5d9f9c ] Make sure the socket for which the user is listing publication exists before parsing the socket netlink attributes. Prior to this patch a call without any socket caused a NULL pointer dereference in tipc_nl_publ_dump(). Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com> Signed-off-by: Richard Alpe <richard.alpe@ericsson.com> Acked-by: Jon Maloy <jon.maloy@ericsson.cm> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Richard Alpe <richard.alpe@ericsson.com> 2016-05-16 11:14:54 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-06-24 10:18:16 -0700
commit: 23cdd8c3cbe9d790f23d7f9ae14e9b828f56f69c (patch)
tree: a505d305cf376d78c12186241b50eadd57d1f502 /net/tipc
parent: c54c115da7214a41a697180964cf6d7a5a50b599 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index e53003cf7703..9b713e0ce00d 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -2814,6 +2814,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb)
 		if (err)
 			return err;
 
+		if (!attrs[TIPC_NLA_SOCK])
+			return -EINVAL;
+
 		err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
 				       attrs[TIPC_NLA_SOCK],
 				       tipc_nl_sock_policy);
author	Richard Alpe <richard.alpe@ericsson.com>	2016-05-16 11:14:54 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2016-06-24 10:18:16 -0700
commit	23cdd8c3cbe9d790f23d7f9ae14e9b828f56f69c (patch)
tree	a505d305cf376d78c12186241b50eadd57d1f502 /net/tipc
parent	c54c115da7214a41a697180964cf6d7a5a50b599 (diff)