From 29211e7db28ab12a4a5aaab4bcc080a3ac67ec78 Mon Sep 17 00:00:00 2001 From: Tim Gardner Date: Fri, 15 Oct 2021 16:05:50 -0700 Subject: mptcp: Avoid NULL dereference in mptcp_getsockopt_subflow_addrs() Coverity complains of a possible NULL dereference in mptcp_getsockopt_subflow_addrs(): 861 } else if (sk->sk_family == AF_INET6) { 3. returned_null: inet6_sk returns NULL. [show details] 4. var_assigned: Assigning: np = NULL return value from inet6_sk. 862 const struct ipv6_pinfo *np = inet6_sk(sk); Fix this by checking for NULL. Closes: https://github.com/multipath-tcp/mptcp_net-next/issues/231 Fixes: c11c5906bc0a ("mptcp: add MPTCP_SUBFLOW_ADDRS getsockopt support") Cc: Florian Westphal Signed-off-by: Tim Gardner [mjm: Added WARN_ON_ONCE() to the unexpected case] Signed-off-by: Mat Martineau Signed-off-by: David S. Miller --- net/mptcp/sockopt.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'net/mptcp') diff --git a/net/mptcp/sockopt.c b/net/mptcp/sockopt.c index 8137cc3a4296..0f1e661c2032 100644 --- a/net/mptcp/sockopt.c +++ b/net/mptcp/sockopt.c @@ -861,6 +861,9 @@ static void mptcp_get_sub_addrs(const struct sock *sk, struct mptcp_subflow_addr } else if (sk->sk_family == AF_INET6) { const struct ipv6_pinfo *np = inet6_sk(sk); + if (WARN_ON_ONCE(!np)) + return; + a->sin6_local.sin6_family = AF_INET6; a->sin6_local.sin6_port = inet->inet_sport; -- cgit v1.2.3-70-g09d2