Valgrind detected use after free in netlink_run_handler(): some members of
struct nl_context are accessed after the netlink context is freed by
netlink_done(). Use local variables to store the two flags and check them
instead.
Fixes: 6c19c0d559c8 ("netlink: use genetlink ops information to decide about
fallback")
Signed-off-by: Michal Kubecek <mkube...@suse.cz>
---
netlink/netlink.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/netlink/netlink.c b/netlink/netlink.c
index f655f6ea25b7..aaaabdd3048e 100644
--- a/netlink/netlink.c
+++ b/netlink/netlink.c
@@ -457,6 +457,7 @@ void netlink_run_handler(struct cmd_context *ctx, nl_func_t
nlfunc,
bool no_fallback)
{
bool wildcard = ctx->devname && !strcmp(ctx->devname, WILDCARD_DEVNAME);
+ bool wildcard_unsupported, ioctl_fallback;
struct nl_context *nlctx;
const char *reason;
int ret;
@@ -478,14 +479,17 @@ void netlink_run_handler(struct cmd_context *ctx,
nl_func_t nlfunc,
nlctx = ctx->nlctx;
ret = nlfunc(ctx);
+ wildcard_unsupported = nlctx->wildcard_unsupported;
+ ioctl_fallback = nlctx->ioctl_fallback;
netlink_done(ctx);
- if (no_fallback || ret != -EOPNOTSUPP || !nlctx->ioctl_fallback) {
- if (nlctx->wildcard_unsupported)
+
+ if (no_fallback || ret != -EOPNOTSUPP || !ioctl_fallback) {
+ if (wildcard_unsupported)
fprintf(stderr, "%s\n",
"subcommand does not support wildcard dump");
exit(ret >= 0 ? ret : 1);
}
- if (nlctx->wildcard_unsupported)
+ if (wildcard_unsupported)
reason = "subcommand does not support wildcard dump";
else
reason = "kernel netlink support for subcommand missing";
--
2.29.2
