There is a possible null pointer deference bugs in neigh_fill_info(),
which is similar to the bug which was fixed in commit 6adc5fd6a142
("net/neighbour: fix crash at dumping device-agnostic proxy entries").
Signed-off-by: Young Xiao <92siuy...@gmail.com>
---
net/core/neighbour.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index dfa8710..33c3ff1 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2440,7 +2440,7 @@ static int neigh_fill_info(struct sk_buff *skb, struct
neighbour *neigh,
ndm->ndm_pad2 = 0;
ndm->ndm_flags = neigh->flags;
ndm->ndm_type = neigh->type;
- ndm->ndm_ifindex = neigh->dev->ifindex;
+ ndm->ndm_ifindex = neigh->dev ? neigh->dev->ifindex : 0;
if (nla_put(skb, NDA_DST, neigh->tbl->key_len, neigh->primary_key))
goto nla_put_failure;
--
2.7.4
