linux/net/tipc
Ying Xue 7098356bac tipc: fix error handling of expanding buffer headroom
Coverity says:

*** CID 1338065:  Error handling issues  (CHECKED_RETURN)
/net/tipc/udp_media.c: 162 in tipc_udp_send_msg()
156     	struct udp_media_addr *dst = (struct udp_media_addr *)&dest->value;
157     	struct udp_media_addr *src = (struct udp_media_addr *)&b->addr.value;
158     	struct sk_buff *clone;
159     	struct rtable *rt;
160
161     	if (skb_headroom(skb) < UDP_MIN_HEADROOM)
>>>     CID 1338065:  Error handling issues  (CHECKED_RETURN)
>>>     Calling "pskb_expand_head" without checking return value (as is done elsewhere 51 out of 56 times).
162     		pskb_expand_head(skb, UDP_MIN_HEADROOM, 0, GFP_ATOMIC);
163
164     	clone = skb_clone(skb, GFP_ATOMIC);
165     	skb_set_inner_protocol(clone, htons(ETH_P_TIPC));
166     	ub = rcu_dereference_rtnl(b->media_ptr);
167     	if (!ub) {

When expanding buffer headroom over udp tunnel with pskb_expand_head(),
it's unfortunate that we don't check its return value. As a result, if
the function returns an error code due to the lack of memory, it may
cause unpredictable consequences as we unconditionally consider that
it's always successful.

Fixes: e53567948f ("tipc: conditionally expand buffer headroom over udp tunnel")
Reported-by: <scan-admin@coverity.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-11-24 11:26:19 -05:00
addr.c
addr.h
bcast.c tipc: clean up unused code and structures 2015-10-24 06:56:47 -07:00
bcast.h tipc: clean up unused code and structures 2015-10-24 06:56:47 -07:00
bearer.c tipc: clean up unused code and structures 2015-10-24 06:56:47 -07:00
bearer.h tipc: clean up unused code and structures 2015-10-24 06:56:47 -07:00
core.c tipc: create broadcast transmission link at namespace init 2015-10-24 06:56:27 -07:00
core.h tipc: clean up unused code and structures 2015-10-24 06:56:47 -07:00
discover.c tipc: let neighbor discoverer transmit consumable buffers 2015-10-24 06:56:44 -07:00
discover.h
eth_media.c
ib_media.c
Kconfig
link.c tipc: correct settings of broadcast link state 2015-11-20 14:08:51 -05:00
link.h tipc: clean up unused code and structures 2015-10-24 06:56:47 -07:00
Makefile
msg.c tipc: let broadcast packet reception use new link receive function 2015-10-24 06:56:37 -07:00
msg.h tipc: let broadcast packet reception use new link receive function 2015-10-24 06:56:37 -07:00
name_distr.c tipc: ensure binding table initial distribution is sent via first link 2015-10-24 06:56:46 -07:00
name_distr.h
name_table.c
name_table.h
net.c tipc: create broadcast transmission link at namespace init 2015-10-24 06:56:27 -07:00
net.h
netlink_compat.c tipc: don't sanity check non-existing TLV (NL compat) 2015-08-17 10:39:54 -07:00
netlink.c
netlink.h
node.c tipc: link_is_bc_sndlink() can be static 2015-10-25 06:31:52 -07:00
node.h tipc: clean up unused code and structures 2015-10-24 06:56:47 -07:00
server.c
server.h
socket.c tipc: avoid packets leaking on socket receive queue 2015-11-23 23:45:15 -05:00
socket.h tipc: clean up socket layer message reception 2015-07-26 16:31:50 -07:00
subscr.c
subscr.h
sysctl.c
udp_media.c tipc: fix error handling of expanding buffer headroom 2015-11-24 11:26:19 -05:00