From patchwork Mon Jan  3 05:43:55 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dan Carpenter <error27@gmail.com>
X-Patchwork-Id: 77219
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id F2617B6F14
	for <patchwork-incoming@ozlabs.org>;
	Mon,  3 Jan 2011 16:44:24 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751590Ab1ACFoI (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Mon, 3 Jan 2011 00:44:08 -0500
Received: from mail-ww0-f44.google.com ([74.125.82.44]:45203 "EHLO
	mail-ww0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751330Ab1ACFoG (ORCPT
	<rfc822;netdev@vger.kernel.org>); Mon, 3 Jan 2011 00:44:06 -0500
Received: by wwa36 with SMTP id 36so13870648wwa.1
	for <multiple recipients>; Sun, 02 Jan 2011 21:44:04 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma;
	h=domainkey-signature:received:received:date:from:to:cc:subject
	:message-id:mime-version:content-type:content-disposition:user-agent;
	bh=9gSlDeXJ8QMCLRIGWWDyLHsyKeWxSW1JDFsQMeBC53Q=;
	b=fjoHmt74QZcssiAxCPfOxjvVaxIx4yRPPKWskqLiRQy+DnvfaUms1hsgm2GRLHP65b
	gtD9vTYPaT74gJucXCAXznnd2fzA4Fe+GuGR78sTbFGavdOGhTTy9LxUsAEajuHLhJ83
	xCGILziYXBxbllb4Jas95DaRhRftZ3TRiv0Ao=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma;
	h=date:from:to:cc:subject:message-id:mime-version:content-type
	:content-disposition:user-agent;
	b=R4TlP52ShBBbashJFDgjCgBSUoFPjcJnbboL211A7b0y1aWyK1BJdNMT60flaqkNtu
	gqFlTB4r/ZQK5bDz3amptTB8kuzr/7CfkYQQf5vuks3qpby8pQjmeCecywG8VEKUvzuP
	qSaQ4Vmu4K30j2Exh6e6PFey8zd0jMyV8XAII=
Received: by 10.216.160.1 with SMTP id t1mr13333898wek.2.1294033444249;
	Sun, 02 Jan 2011 21:44:04 -0800 (PST)
Received: from bicker ([41.202.225.145]) by mx.google.com with ESMTPS id
	j58sm9615515wes.21.2011.01.02.21.44.01
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Sun, 02 Jan 2011 21:44:03 -0800 (PST)
Date: Mon, 3 Jan 2011 08:43:55 +0300
From: Dan Carpenter <error27@gmail.com>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: Johannes Berg <johannes@sipsolutions.net>,
	"David S. Miller" <davem@davemloft.net>,
	linux-wireless@vger.kernel.org, netdev@vger.kernel.org,
	kernel-janitors@vger.kernel.org
Subject: [patch] mac80211: potential null dereference in mesh forwarding
Message-ID: <20110103054355.GP1886@bicker>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.5.20 (2009-06-14)
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

The printk() is supposed to be ratelimited but we should always goto out
when fwd_skb is NULL.  Otherwise it gets dereferenced on the next line.

Signed-off-by: Dan Carpenter <error27@gmail.com>
---
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
index 5e9d3bc..dc8b566 100644
--- a/net/mac80211/rx.c
+++ b/net/mac80211/rx.c
@@ -1831,8 +1831,9 @@ ieee80211_rx_h_mesh_fwding(struct ieee80211_rx_data *rx)
 
 			fwd_skb = skb_copy(skb, GFP_ATOMIC);
 
-			if (!fwd_skb && net_ratelimit()) {
-				printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
+			if (!fwd_skb) {
+				if (net_ratelimit())
+					printk(KERN_DEBUG "%s: failed to clone mesh frame\n",
 						   sdata->name);
 				goto out;
 			}