From: Pau Koning Date: Tue, 12 Feb 2013 00:18:45 +0000 (+0000) Subject: batman-adv: Fix NULL pointer dereference in DAT hash collision avoidance X-Git-Tag: v3.8~10^2~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=816cd5b83e4d8f3c8106966e64a025408caee3f6;p=profile%2Fcommon%2Fkernel-common.git batman-adv: Fix NULL pointer dereference in DAT hash collision avoidance An entry in DAT with the hashed position of 0 can cause a NULL pointer dereference when the first entry is checked by batadv_choose_next_candidate. This first candidate automatically has the max value of 0 and the max_orig_node of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible will lead to a NULL pointer dereference when checking for the lowest address. This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8 ("batman-adv: Distributed ARP Table - create DHT helper functions"). Signed-off-by: Pau Koning Signed-off-by: David S. Miller --- diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c index 183f97a..5539215 100644 --- a/net/batman-adv/distributed-arp-table.c +++ b/net/batman-adv/distributed-arp-table.c @@ -440,7 +440,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res, /* this is an hash collision with the temporary selected node. Choose * the one with the lowest address */ - if ((tmp_max == max) && + if ((tmp_max == max) && max_orig_node && (batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0)) goto out;