From ef1675823905ff09cb5e551700a124d0133648b7 Mon Sep 17 00:00:00 2001
From: Michal Kubecek
Date: Mon, 9 Nov 2020 13:30:54 +0100
Subject: [PATCH 23/26] netlink: fix use after free in netlink_run_handler()

Valgrind detected use after free in netlink_run_handler(): some members of struct nl_context are accessed after the netlink context is freed by netlink_done(). Use local variables to store the two flags and check them instead.

Fixes: 6c19c0d559c8 ("netlink: use genetlink ops information to decide about fallback")
Signed-off-by: Michal Kubecek
(cherry picked from commit 29b38ea218bd978d1950e12cc24da98215a1eeef)
---
 netlink/netlink.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/netlink/netlink.c b/netlink/netlink.c
index 86dc1efdf5ce..2a12bb8b1759 100644
--- a/netlink/netlink.c
+++ b/netlink/netlink.c
@@ -303,6 +303,7 @@ void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,
  bool no_fallback)
  {
  bool wildcard = ctx->devname && !strcmp(ctx->devname, WILDCARD_DEVNAME);
+ bool wildcard_unsupported, ioctl_fallback;
  struct nl_context *nlctx;
  const char *reason;
  int ret;
@@ -324,14 +325,17 @@ void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,
  nlctx = ctx->nlctx;
 
  ret = nlfunc(ctx);
+ wildcard_unsupported = nlctx->wildcard_unsupported;
+ ioctl_fallback = nlctx->ioctl_fallback;
  netlink_done(ctx);
- if (no_fallback || ret != -EOPNOTSUPP || !nlctx->ioctl_fallback) {
- if (nlctx->wildcard_unsupported)
+
+ if (no_fallback || ret != -EOPNOTSUPP || !ioctl_fallback) {
+ if (wildcard_unsupported)
  fprintf(stderr, "%s\n",
  "subcommand does not support wildcard dump");
  exit(ret >= 0 ? ret : 1);
  }
- if (nlctx->wildcard_unsupported)
+ if (wildcard_unsupported)
  reason = "subcommand does not support wildcard dump";
  else
  reason = "kernel netlink support for subcommand missing";
-- 
2.26.2
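Review bot: After `netlink_done(ctx);` in the second hunk the local `nlctx` still holds the freed pointer, so a later edit that reads `nlctx->...` further down would bring back the same use-after-free; the function continues outside the hunk. Adding `nlctx = NULL;` right after `netlink_done(ctx);` would make such a regression fail at once as a NULL dereference instead of silently reading freed memory. A short comment on the two snapshot assignments, for example `/* copy flags now: netlink_done() frees the nl_context */`, would record why the locals exist and keep them from being "simplified" away. Whether netlink_done() also clears `ctx->nlctx` is not visible here and is worth confirming.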