ed7809d9c4
There's a problem in net/batman-adv/unicast.c::frag_send_skb(). dev_alloc_skb() allocates memory and may fail, thus returning NULL. If this happens we'll pass a NULL pointer on to skb_split() which in turn hands it to skb_split_inside_header() from where it gets passed to skb_put() that lets skb_tail_pointer() play with it and that function dereferences it. And thus the bat dies. While I was at it I also moved the call to dev_alloc_skb() above the assignment to 'unicast_packet' since there's no reason to do that assignment if the memory allocation fails. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Sven Eckelmann <sven@narfation.org> |
||
|---|---|---|
| .. | ||
| aggregation.c | ||
| aggregation.h | ||
| bat_debugfs.c | ||
| bat_debugfs.h | ||
| bat_sysfs.c | ||
| bat_sysfs.h | ||
| bitarray.c | ||
| bitarray.h | ||
| gateway_client.c | ||
| gateway_client.h | ||
| gateway_common.c | ||
| gateway_common.h | ||
| hard-interface.c | ||
| hard-interface.h | ||
| hash.c | ||
| hash.h | ||
| icmp_socket.c | ||
| icmp_socket.h | ||
| Kconfig | ||
| main.c | ||
| main.h | ||
| Makefile | ||
| originator.c | ||
| originator.h | ||
| packet.h | ||
| ring_buffer.c | ||
| ring_buffer.h | ||
| routing.c | ||
| routing.h | ||
| send.c | ||
| send.h | ||
| soft-interface.c | ||
| soft-interface.h | ||
| translation-table.c | ||
| translation-table.h | ||
| types.h | ||
| unicast.c | ||
| unicast.h | ||
| vis.c | ||
| vis.h | ||