From patchwork Tue Feb 12 10:18:45 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Pau Koning
X-Patchwork-Id: 219775
X-Patchwork-Delegate: davem@davemloft.net
From: Pau Koning To: davem@davemloft.net Cc: netdev@vger.kernel.org, Pau Koning Subject: [PATCH] batman-adv: Fix NULL pointer dereference in DAT hash collision avoidance Date: Tue, 12 Feb 2013 11:18:45 +0100 Message-Id: <1360664325-7323-1-git-send-email-paukoning@gmail.com> X-Mailer: git-send-email 1.7.10.4 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org An entry in DAT with the hashed position of 0 can cause a NULL pointer dereference when the first entry is checked by batadv_choose_next_candidate. This first candidate automatically has the max value of 0 and the max_orig_node of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible will lead to a NULL pointer dereference when checking for the lowest address. This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8 ("batman-adv: Distributed ARP Table - create DHT helper functions"). Signed-off-by: Pau Koning --- net/batman-adv/distributed-arp-table.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index 0e05ad4..d54188a 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -439,7 +439,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res, /* this is an hash collision with the temporary selected node. Choose * the one with the lowest address */ - if ((tmp_max == max) && + if ((tmp_max == max) && max_orig_node && (batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0)) goto out;
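Review bot: The comment above the changed condition in batadv_is_orig_node_eligible() still describes only the hash-collision case, but the added `max_orig_node &&` test makes that condition also cover the state where no candidate has been selected yet. With max_orig_node NULL and tmp_max == max, the check now short-circuits before max_orig_node->orig is read, so this test no longer sends the candidate to `out`. That matches the commit message's description of the first entry at hashed position 0. Please extend the comment to state that max_orig_node is NULL until a first candidate has been chosen, so the guard reads as intentional and is not later dropped as redundant.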