net: bridge: fix a null pointer dereference in br_afspec

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

We might call br_afspec() with p == NULL which is a valid use case if
the action is on the bridge device itself, but the bridge tunnel code
dereferences the p pointer without checking, so check if p is null
first.

Reported-by: Gustavo A. R. Silva <garsilva@embeddedor.com>
Fixes: efa5356b0d97 ("bridge: per vlan dst_metadata netlink support")
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: Roopa Prabhu <roopa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Nikolay Aleksandrov and committed by

David S. Miller 8 years ago 1020ce31 79514ef6

+1 -1

1 changed file

expand all

net

bridge

br_netlink.c

+1 -1

net/bridge/br_netlink.c

··· 595 595 err = 0; 596 596 switch (nla_type(attr)) { 597 597 case IFLA_BRIDGE_VLAN_TUNNEL_INFO: 598 - if (!(p->flags & BR_VLAN_TUNNEL)) 598 + if (!p || !(p->flags & BR_VLAN_TUNNEL)) 599 599 return -EINVAL; 600 600 err = br_parse_vlan_tunnel_info(attr, &tinfo_curr); 601 601 if (err)