From ef1675823905ff09cb5e551700a124d0133648b7 Mon Sep 17 00:00:00 2001

From: Michal Kubecek <mkubecek@suse.cz>

Date: Mon, 9 Nov 2020 13:30:54 +0100

Subject: [PATCH 23/26] netlink: fix use after free in netlink_run_handler()

Valgrind detected use after free in netlink_run_handler(): some members of

struct nl_context are accessed after the netlink context is freed by

netlink_done(). Use local variables to store the two flags and check them

instead.

Fixes: 6c19c0d559c8 ("netlink: use genetlink ops information to decide about fallback")

Signed-off-by: Michal Kubecek <mkubecek@suse.cz>

(cherry picked from commit 29b38ea218bd978d1950e12cc24da98215a1eeef)

---

 netlink/netlink.c | 10 +++++++---

 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/netlink/netlink.c b/netlink/netlink.c

index 86dc1efdf5ce..2a12bb8b1759 100644

--- a/netlink/netlink.c

+++ b/netlink/netlink.c

@@ -303,6 +303,7 @@ void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,

 			 bool no_fallback)

 {

 	bool wildcard = ctx->devname && !strcmp(ctx->devname, WILDCARD_DEVNAME);

+	bool wildcard_unsupported, ioctl_fallback;

 	struct nl_context *nlctx;

 	const char *reason;

 	int ret;

@@ -324,14 +325,17 @@ void netlink_run_handler(struct cmd_context *ctx, nl_func_t nlfunc,

 	nlctx = ctx->nlctx;

 	ret = nlfunc(ctx);

+	wildcard_unsupported = nlctx->wildcard_unsupported;

+	ioctl_fallback = nlctx->ioctl_fallback;

 	netlink_done(ctx);

-	if (no_fallback || ret != -EOPNOTSUPP || !nlctx->ioctl_fallback) {

-		if (nlctx->wildcard_unsupported)

+

+	if (no_fallback || ret != -EOPNOTSUPP || !ioctl_fallback) {

+		if (wildcard_unsupported)

 			fprintf(stderr, "%s\n",

 				"subcommand does not support wildcard dump");

 		exit(ret >= 0 ? ret : 1);

 	}

-	if (nlctx->wildcard_unsupported)

+	if (wildcard_unsupported)

 		reason = "subcommand does not support wildcard dump";

 	else

 		reason = "kernel netlink support for subcommand missing";

-- 

2.26.2