summaryrefslogtreecommitdiffstats
path: root/net/phonet
diff options
context:
space:
mode:
authorRémi Denis-Courmont <remi.denis-courmont@nokia.com>2011-03-08 23:44:06 +0100
committerDavid S. Miller <davem@davemloft.net>2011-03-09 20:59:29 +0100
commitc69d4407d8884e8a127f95d07b1896443f3716ff (patch)
tree85989f9259365d5470113e810237b567ba93af37 /net/phonet
parentinetpeer: Don't disable BH for initial fast RCU lookup. (diff)
downloadlinux-c69d4407d8884e8a127f95d07b1896443f3716ff.tar.xz
linux-c69d4407d8884e8a127f95d07b1896443f3716ff.zip
Phonet: fix NULL dereference on TX path with implicit source
The previous Phonet patch series introduced per-socket implicit destination (i.e. connect()). In that case, the destination socket address is NULL in the transmit function. However commit a8059512b120362b15424f152b2548fe8b11bd0c ("Phonet: implement per-socket destination/peer address") is incomplete and would trigger a NULL dereference. (Fortunately, the code is not in released kernel, and in fact currently not reachable.) Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/phonet')
-rw-r--r--net/phonet/af_phonet.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
index 30cc676c35fd..4706b77e67bf 100644
--- a/net/phonet/af_phonet.c
+++ b/net/phonet/af_phonet.c
@@ -262,10 +262,9 @@ int pn_skb_send(struct sock *sk, struct sk_buff *skb,
else if (phonet_address_lookup(net, daddr) == 0) {
dev = phonet_device_get(net);
skb->pkt_type = PACKET_LOOPBACK;
- } else if (pn_sockaddr_get_object(target) == 0) {
+ } else if (dst == 0) {
/* Resource routing (small race until phonet_rcv()) */
- struct sock *sk = pn_find_sock_by_res(net,
- target->spn_resource);
+ struct sock *sk = pn_find_sock_by_res(net, res);
if (sk) {
sock_put(sk);
dev = phonet_device_get(net);