summaryrefslogtreecommitdiffstats
path: root/net/tipc
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2016-02-24 17:20:17 +0100
committerDavid S. Miller <davem@davemloft.net>2016-02-25 23:04:48 +0100
commit619b17452a388d6be69a7b28dc92310ea3f5aa65 (patch)
tree4a93903e01d57de7fd532be2e2265b3f1b4ea60f /net/tipc
parenttipc: fix crash during node removal (diff)
downloadlinux-619b17452a388d6be69a7b28dc92310ea3f5aa65.tar.xz
linux-619b17452a388d6be69a7b28dc92310ea3f5aa65.zip
tipc: fix null deref crash in compat config path
msg.dst_sk needs to be set up with a valid socket because some callbacks later derive the netns from it. Fixes: 263ea09084d172d ("Revert "genl: Add genlmsg_new_unicast() for unicast message allocation") Reported-by: Jon Maloy <maloy@donjonn.com> Bisected-by: Jon Maloy <maloy@donjonn.com> Signed-off-by: Florian Westphal <fw@strlen.de> Acked-by Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/tipc')
-rw-r--r--net/tipc/netlink_compat.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index de66d8f945ed..d7d050f44fc1 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -1105,6 +1105,7 @@ static int tipc_nl_compat_recv(struct sk_buff *skb, struct genl_info *info)
msg.req = nlmsg_data(req_nlh) + GENL_HDRLEN + TIPC_GENL_HDRLEN;
msg.cmd = req_userhdr->cmd;
msg.net = genl_info_net(info);
+ msg.dst_sk = skb->sk;
if ((msg.cmd & 0xC000) && (!netlink_net_capable(skb, CAP_NET_ADMIN))) {
msg.rep = tipc_get_err_tlv(TIPC_CFG_NOT_NET_ADMIN);