diff options
author | Alexei Starovoitov <ast@plumgrid.com> | 2014-12-10 20:14:55 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2014-12-10 23:34:27 -0500 |
commit | 198bf1b046e370a7d3987b195cff5f1efebec3ac (patch) | |
tree | bf46fa99273ce89e4d7f3ff2e000ec6fc41b9cb7 /net/core | |
parent | f95b414edb18de59940dcebbefb49cf25c6d505c (diff) | |
download | op-kernel-dev-198bf1b046e370a7d3987b195cff5f1efebec3ac.zip op-kernel-dev-198bf1b046e370a7d3987b195cff5f1efebec3ac.tar.gz |
net: sock: fix access via invalid file descriptor
0day robot reported the following crash:
[ 21.233581] BUG: unable to handle kernel NULL pointer dereference at 0000000000000007
[ 21.234709] IP: [<ffffffff8156ebda>] sk_attach_bpf+0x39/0xc2
It's due to bpf_prog_get() returning ERR_PTR.
Check it properly.
Reported-by: Fengguang Wu <fengguang.wu@intel.com>
Fixes: 89aa075832b0 ("net: sock: allow eBPF programs to be attached to sockets")
Signed-off-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
-rw-r--r-- | net/core/filter.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/core/filter.c b/net/core/filter.c index 8cc3c03..ec9baea 100644 --- a/net/core/filter.c +++ b/net/core/filter.c @@ -1103,8 +1103,8 @@ int sk_attach_bpf(u32 ufd, struct sock *sk) return -EPERM; prog = bpf_prog_get(ufd); - if (!prog) - return -EINVAL; + if (IS_ERR(prog)) + return PTR_ERR(prog); if (prog->aux->prog_type != BPF_PROG_TYPE_SOCKET_FILTER) { /* valid fd, but invalid program type */ |