diff options
author | Daniel Borkmann <dborkman@redhat.com> | 2014-07-31 21:48:59 +0200 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-07-31 13:10:02 -0700 |
commit | 2b391ee2cae3945832011970bede35dab885879d (patch) | |
tree | f3f2420c980c5459041261bad7c72325642025cd /drivers/net/team | |
parent | ccda4a77f3a5976e4f064eddce11faec54d1f1e0 (diff) | |
download | op-kernel-dev-2b391ee2cae3945832011970bede35dab885879d.zip op-kernel-dev-2b391ee2cae3945832011970bede35dab885879d.tar.gz |
team: fix releasing uninitialized pointer to BPF prog
Commit 34c5bd66e5ed introduced the possibility that an
uninitialized pointer on the stack (orig_fp) can call into
sk_unattached_filter_destroy() when its value is non NULL.
Before that commit orig_fp was only destroyed in the same
block where it was assigned a valid BPF prog before. Fix it
up by initializing it to NULL.
Fixes: 34c5bd66e5ed ("net: filter: don't release unattached filter through call_rcu()")
Signed-off-by: Daniel Borkmann <dborkman@redhat.com>
Cc: Pablo Neira <pablo@netfilter.org>
Cc: Alexei Starovoitov <ast@plumgrid.com>
Cc: Jiri Pirko <jiri@resnulli.us>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/team')
-rw-r--r-- | drivers/net/team/team_mode_loadbalance.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/drivers/net/team/team_mode_loadbalance.c b/drivers/net/team/team_mode_loadbalance.c index 7106f34..d7be9b3 100644 --- a/drivers/net/team/team_mode_loadbalance.c +++ b/drivers/net/team/team_mode_loadbalance.c @@ -272,7 +272,7 @@ static int lb_bpf_func_set(struct team *team, struct team_gsetter_ctx *ctx) { struct lb_priv *lb_priv = get_lb_priv(team); struct sk_filter *fp = NULL; - struct sk_filter *orig_fp; + struct sk_filter *orig_fp = NULL; struct sock_fprog_kern *fprog = NULL; int err; |