From: Ido Schimmel <ido...@idosch.org>
Date: Thu, 4 Jul 2019 19:26:38 +0300
> From: Ido Schimmel <ido...@mellanox.com>
>
> Both ip_neigh_gw4() and ip_neigh_gw6() can return either a valid pointer
> or an error pointer, but the code currently checks that the pointer is
> not NULL.
>
> Fix this by checking that the pointer is not an error pointer, as this
> can result in a NULL pointer dereference [1]. Specifically, I believe
> that what happened is that ip_neigh_gw4() returned '-EINVAL'
> (0xffffffffffffffea) to which the offset of 'refcnt' (0x70) was added,
> which resulted in the address 0x000000000000005a.
>
> [1]
...
> Fixes: 5c9f7c1dfc2e ("ipv4: Add helpers for neigh lookup for nexthop")
> Signed-off-by: Ido Schimmel <ido...@mellanox.com>
> Reported-by: Shalom Toledo <shal...@mellanox.com>
> Reviewed-by: Jiri Pirko <j...@mellanox.com>
Applied, thanks.
