Unverified Commit 8543d649 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!10211 fix CVE-2022-48865 

Merge Pull Request from: @ci-robot 
 
PR sync from: Zhengchao Shao <shaozhengchao@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/6C7SJKQZW3XWEVMGNWGDBSURQ4KHWUX5/ 
Fix CVE-2022-48865

Tung Nguyen (1):
  tipc: fix kernel panic when enabling bearer

Tuong Lien (1):
  tipc: fix NULL pointer dereference in tipc_disc_rcv()


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IADGRO 
 
Link:https://gitee.com/openeuler/kernel/pulls/10211

 

Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Reviewed-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents 43d86ecc 9161db04

net/tipc/bearer.c

+7 −5
Original line number Diff line number Diff line
@@ -312,7 +312,6 @@ static int tipc_enable_bearer(struct net *net, const char *name, 
	b->domain = disc_domain;

	b->net_plane = bearer_id + 'A';

	b->priority = prio;

	test_and_set_bit_lock(0, &b->up);



	res = tipc_disc_create(net, b, &b->bcast_addr, &skb);

	if (res) {
@@ -321,15 +320,18 @@ static int tipc_enable_bearer(struct net *net, const char *name, 
		goto rejected;

	}



	rcu_assign_pointer(tn->bearer_list[bearer_id], b);

	if (skb)

		tipc_bearer_xmit_skb(net, bearer_id, skb, &b->bcast_addr);



	/* Create monitoring data before accepting activate messages */

	if (tipc_mon_create(net, bearer_id)) {

		bearer_disable(net, b);

		kfree_skb(skb);

		return -ENOMEM;

	}



	test_and_set_bit_lock(0, &b->up);

	rcu_assign_pointer(tn->bearer_list[bearer_id], b);

	if (skb)

		tipc_bearer_xmit_skb(net, bearer_id, skb, &b->bcast_addr);



	pr_info("Enabled bearer <%s>, priority %u\n", name, prio);



	return res;