Closed mjmartineau closed 1 year ago
Eric Dumazet reports that syzbot found a possible NULL dereference:
> diff --git a/net/mptcp/subflow.c b/net/mptcp/subflow.c > index df208666fd19..2b43577f952e 100644 > --- a/net/mptcp/subflow.c > +++ b/net/mptcp/subflow.c > @@ -421,6 +421,7 @@ static bool subflow_use_different_dport(struct mptcp_sock *msk, const struct soc > > void __mptcp_set_connected(struct sock *sk) > { > + __mptcp_propagate_sndbuf(sk, mptcp_sk(sk)->first); ->first can be NULL here, according to syzbot.
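Review bot: The added call at the top of `__mptcp_set_connected()` passes `mptcp_sk(sk)->first` to `__mptcp_propagate_sndbuf()` with no NULL check, and nothing in the visible hunk guarantees the first subflow is still set when this function runs. Either guard the call, for example `if (mptcp_sk(sk)->first)` before it, or make the callee tolerate a NULL subflow. A short comment should also say which callers can reach this point without a first subflow.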
https://lore.kernel.org/netdev/CANn89iLZUA6S2a=K8GObnS62KK6Jt4B7PsAs7meMFooM8xaTgw@mail.gmail.com/
More details here:
https://syzkaller.appspot.com/bug?extid=9dfbaedb6e6baca57a32
Patch:
https://patchwork.kernel.org/project/mptcp/patch/3350eaf14a073538bf491f93fc852cd02ab0875a.1699280113.git.pabeni@redhat.com/