Re: [PATCHv4 net 1/2] ipv4/icmp: fix rt dst dev null pointer dereference

On 22 Aug 2019, at 7:19, Hangbin Liu wrote: > In __icmp_send() there is a possibility that the rt->dst.dev is NULL, > e,g, with tunnel collect_md mode, which will cause kernel crash. > Here is what the code path looks like, for GRE: > > - ip6gre_tunnel_xmit > - ip6gre_xmit_ipv4 > - __gre6_xm

Re: [PATCHv4 net 1/2] ipv4/icmp: fix rt dst dev null pointer dereference

Hello, On Thu, 22 Aug 2019, Hangbin Liu wrote: > In __icmp_send() there is a possibility that the rt->dst.dev is NULL, > e,g, with tunnel collect_md mode, which will cause kernel crash. > Here is what the code path looks like, for GRE: > > - ip6gre_tunnel_xmit > - ip6gre_xmit_ipv4 >

[PATCHv4 net 1/2] ipv4/icmp: fix rt dst dev null pointer dereference

In __icmp_send() there is a possibility that the rt->dst.dev is NULL, e,g, with tunnel collect_md mode, which will cause kernel crash. Here is what the code path looks like, for GRE: - ip6gre_tunnel_xmit - ip6gre_xmit_ipv4 - __gre6_xmit - ip6_tnl_xmit - if skb->len - t->tun_hle