bpf: fix verifier NULL pointer dereference

[thirdparty/kernel/stable.git] / kernel / bpf / verifier.c

diff --git a/kernel/bpf/verifier.c b/kernel/bpf/verifier.c
index 8293fc2f452a8e5a792292fd5a460df8ae722568..68ff8ee42ba0433ad4aa691331deeeb90cac6425 100644 (file)
--- a/kernel/bpf/verifier.c
+++ b/kernel/bpf/verifier.c
@@ -4777,8 +4777,10 @@ int bpf_check(struct bpf_prog **prog, union bpf_attr *attr)
        env->allow_ptr_leaks = capable(CAP_SYS_ADMIN);
 
        ret = do_check(env);
-       free_verifier_state(env->cur_state, true);
-       env->cur_state = NULL;
+       if (env->cur_state) {
+               free_verifier_state(env->cur_state, true);
+               env->cur_state = NULL;
+       }
 
 skip_full_check:
        while (!pop_stack(env, NULL, NULL));
@@ -4887,8 +4889,10 @@ int bpf_analyzer(struct bpf_prog *prog, const struct bpf_ext_analyzer_ops *ops,
        env->allow_ptr_leaks = capable(CAP_SYS_ADMIN);
 
        ret = do_check(env);
-       free_verifier_state(env->cur_state, true);
-       env->cur_state = NULL;
+       if (env->cur_state) {
+               free_verifier_state(env->cur_state, true);
+               env->cur_state = NULL;
+       }
 
 skip_full_check:
        while (!pop_stack(env, NULL, NULL));