projects / linux-drm-fsl-dcu.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e87183c)
ipv4: Fix crashes in ip_options_compile().
authorDavid S. Miller <davem@davemloft.net>
Wed, 4 Jul 2012 23:13:17 +0000 (16:13 -0700)
committerDavid S. Miller <davem@davemloft.net>
Wed, 4 Jul 2012 23:13:17 +0000 (16:13 -0700)
The spec_dst uses should be guarded by skb_rtable() being non-NULL
not just the SKB being non-null.

Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/ipv4/ip_options.c patch | blob | history

diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index 766dfe56885a9a8a8a679447c02b13e7c0106dfb..1f022510abe3431b75c1812ac5fe7be1836ca8d5 100644 (file)
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -253,12 +253,15 @@ int ip_options_compile(struct net *net,
 {
        __be32 spec_dst = (__force __be32) 0;
        unsigned char *pp_ptr = NULL;
+       struct rtable *rt = NULL;
        unsigned char *optptr;
        unsigned char *iph;
        int optlen, l;
 
        if (skb != NULL) {
-               spec_dst = fib_compute_spec_dst(skb);
+               rt = skb_rtable(skb);
+               if (rt)
+                       spec_dst = fib_compute_spec_dst(skb);
                optptr = (unsigned char *)&(ip_hdr(skb)[1]);
        } else
                optptr = opt->__data;
@@ -330,7 +333,7 @@ int ip_options_compile(struct net *net,
                                        pp_ptr = optptr + 2;
                                        goto error;
                                }
-                               if (skb) {
+                               if (rt) {
                                        memcpy(&optptr[optptr[2]-1], &spec_dst, 4);
                                        opt->is_changed = 1;
                                }
@@ -372,7 +375,7 @@ int ip_options_compile(struct net *net,
                                                goto error;
                                        }
                                        opt->ts = optptr - iph;
-                                       if (skb)  {
+                                       if (rt)  {
                                                memcpy(&optptr[optptr[2]-1], &spec_dst, 4);
                                                timeptr = &optptr[optptr[2]+3];
                                        }
Freescale DCU DRM driver