author Pau Koning <paukoning@gmail.com> 2013-02-12 01:18:45 +0100
committer David S. Miller <davem@davemloft.net> 2013-02-13 19:35:24 +0100
commit 816cd5b83e4d8f3c8106966e64a025408caee3f6
tree 3d784959629752b71d77e4504472189f8972d9cb
parent net/macb: fix race with RX interrupt while doing NAPI
batman-adv: Fix NULL pointer dereference in DAT hash collision avoidance
An entry in DAT with the hashed position of 0 can cause a NULL pointer dereference when the first entry is checked by batadv_choose_next_candidate. This first candidate automatically has the max value of 0 and the max_orig_node of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible will lead to a NULL pointer dereference when checking for the lowest address.

This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8 ("batman-adv: Distributed ARP Table - create DHT helper functions").

Signed-off-by: Pau Koning <paukoning@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- net/batman-adv/distributed-arp-table.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c
index 183f97a86bb2..553921511e4e 100644
--- a/net/batman-adv/distributed-arp-table.c
+++ b/net/batman-adv/distributed-arp-table.c
@@ -440,7 +440,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res,
/* this is an hash collision with the temporary selected node. Choose
* the one with the lowest address
*/
- if ((tmp_max == max) &&
+ if ((tmp_max == max) && max_orig_node &&
(batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0))
goto out;
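Review bot: The comment above the changed condition still describes only a hash collision with the temporarily selected node, but the new "max_orig_node &&" term covers the case where no node has been selected yet. Extending that comment to say that max_orig_node may be NULL for the first candidate, and that such a candidate is then accepted because the "goto out" is skipped, would keep a later cleanup from dropping the check as redundant. The lines after this condition are not visible in the hunk, so it is also worth confirming that nothing further down in batadv_is_orig_node_eligible dereferences max_orig_node without the same guard.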