• batman-adv: Even Batman should not dereference NULL pointers · ed7809d9
    Jesper Juhl authored

    There's a problem in net/batman-adv/unicast.c::frag_send_skb().
    dev_alloc_skb() allocates memory and may fail, thus returning NULL. If
    this happens we'll pass a NULL pointer on to skb_split() which in turn
    hands it to skb_split_inside_header() from where it gets passed to
    skb_put() that lets skb_tail_pointer() play with it and that function
    dereferences it. And thus the bat dies.

    While I was at it I also moved the call to dev_alloc_skb() above the
    assignment to 'unicast_packet' since there's no reason to do that
    assignment if the memory allocation fails.

    Signed-off-by: Jesper Juhl <jj@chaosbits.net>
    Signed-off-by: Sven Eckelmann <sven@narfation.org>
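
The failure mode in the commit message, as an added userspace model with fault injection (not the kernel code and not the patch itself). `struct buf`, `buf_alloc`, `buf_split`, `frag_send_model` and `fail_next_alloc` are hypothetical stand-ins, and returning -1 on allocation failure is an assumption about how the caller is told the packet was dropped.

```c
#include <stdlib.h>
#include <string.h>

/* Userspace model only: every name here is a hypothetical stand-in. */
struct buf { unsigned char *data; size_t len; };
static int fail_next_alloc;              /* fault injection: next allocation fails */

/* Models dev_alloc_skb() as the commit message describes it: may return NULL. */
static struct buf *buf_alloc(size_t cap)
{
    struct buf *b;
    if (fail_next_alloc) { fail_next_alloc = 0; return NULL; }
    b = calloc(1, sizeof(*b));
    if (!b) return NULL;
    b->data = malloc(cap ? cap : 1);
    if (!b->data) { free(b); return NULL; }
    return b;
}

static void buf_free(struct buf *b) { if (b) { free(b->data); free(b); } }

/* Models the split step: like the skb_split() chain, it uses dst unconditionally. */
static void buf_split(struct buf *src, struct buf *dst, size_t at)
{
    size_t n = src->len - at;
    memcpy(dst->data, src->data + at, n);  /* a NULL dst would be dereferenced here */
    dst->len = n;
    src->len = at;
}

/* Allocation result is checked before anything touches it or modifies src.
 * Returns 0 on success, -1 if the packet is dropped (src left unchanged). */
static int frag_send_model(struct buf *src, size_t at, struct buf **frag_out)
{
    struct buf *frag;
    if (at > src->len) return -1;
    frag = buf_alloc(src->len - at);
    if (!frag)
        return -1;                         /* fail closed instead of passing NULL on */
    buf_split(src, frag, at);
    *frag_out = frag;
    return 0;
}

int main(void)
{
    struct buf *src = buf_alloc(8), *frag = NULL;
    if (!src) return 1;
    memset(src->data, 'A', 8); src->len = 8;
    fail_next_alloc = 1;                   /* simulate memory pressure */
    return frag_send_model(src, 5, &frag) == -1 ? 0 : 1;
}
```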
unicast.c 8.71 KB