diff options
| author | Guillaume Nault <g.nault@alphalink.fr> | 2017-10-13 19:22:35 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2017-11-18 11:22:21 +0100 |
| commit | 9075216b8b935e467e329a5fa2e432fad96b00bf (patch) | |
| tree | 361bfd1753cebecafbadd70f686f8d8886ce4516 /net/l2tp | |
| parent | e12c42c55287f39bfbaa2ab7e9cf04c88879768f (diff) | |
| download | linux-stable-9075216b8b935e467e329a5fa2e432fad96b00bf.tar.gz linux-stable-9075216b8b935e467e329a5fa2e432fad96b00bf.tar.bz2 linux-stable-9075216b8b935e467e329a5fa2e432fad96b00bf.zip | |
l2tp: check ps->sock before running pppol2tp_session_ioctl()
[ Upstream commit 5903f594935a3841137c86b9d5b75143a5b7121c ]
When pppol2tp_session_ioctl() is called by pppol2tp_tunnel_ioctl(),
the session may be unconnected. That is, it was created by
pppol2tp_session_create() and hasn't been connected with
pppol2tp_connect(). In this case, ps->sock is NULL, so we need to check
for this case in order to avoid dereferencing a NULL pointer.
Fixes: 309795f4bec2 ("l2tp: Add netlink control API for L2TP")
Signed-off-by: Guillaume Nault <g.nault@alphalink.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net/l2tp')
| -rw-r--r-- | net/l2tp/l2tp_ppp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c index 1696f1fd5877..163f1fa53917 100644 --- a/net/l2tp/l2tp_ppp.c +++ b/net/l2tp/l2tp_ppp.c @@ -993,6 +993,9 @@ static int pppol2tp_session_ioctl(struct l2tp_session *session, session->name, cmd, arg); sk = ps->sock; + if (!sk) + return -EBADR; + sock_hold(sk); switch (cmd) { |