mptcp: pm: Fix undefined behavior in mptcp_remove_anno_list_by_saddr()

[PATCH net-next] mptcp: pm: Fix undefined behavior in mptcp_remove_anno_list_by_saddr()

Thorsten Blum posted 1 patch 1 week, 3 days ago

Download mbox

Failed in applying to current master (apply log)

net/mptcp/pm.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)

Expand all Fold all

[PATCH net-next] mptcp: pm: Fix undefined behavior in mptcp_remove_anno_list_by_saddr()

Posted by Thorsten Blum 1 week, 3 days ago

Commit e4c28e3d5c090 ("mptcp: pm: move generic PM helpers to pm.c")
removed a necessary if-check, leading to undefined behavior because
the freed pointer is subsequently returned from the function.

Reintroduce the if-check to fix this and add a local return variable to
prevent further checkpatch warnings, which originally led to the removal
of the if-check.

Fixes: e4c28e3d5c090 ("mptcp: pm: move generic PM helpers to pm.c")
Signed-off-by: Thorsten Blum <thorsten.blum@linux.dev>
---
 net/mptcp/pm.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/net/mptcp/pm.c b/net/mptcp/pm.c
index 18b19dbccbba..5a6d5e4897dd 100644
--- a/net/mptcp/pm.c
+++ b/net/mptcp/pm.c
@@ -151,10 +151,15 @@ bool mptcp_remove_anno_list_by_saddr(struct mptcp_sock *msk,
 				     const struct mptcp_addr_info *addr)
 {
 	struct mptcp_pm_add_entry *entry;
+	bool ret = false;
 
 	entry = mptcp_pm_del_add_timer(msk, addr, false);
-	kfree(entry);
-	return entry;
+	if (entry) {
+		ret = true;
+		kfree(entry);
+	}
+
+	return ret;
 }
 
 bool mptcp_pm_sport_in_anno_list(struct mptcp_sock *msk, const struct sock *sk)