From: Of Antonio Quartulli > Sent: 05 August 2015 13:52 > From: Marek Lindner <mareklind...@neomailbox.ch> > > batadv_softif_vlan_get() may return NULL which has to be verified > by the caller. > ... > diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c > index c002961..a2fc843 100644 > --- a/net/batman-adv/soft-interface.c > +++ b/net/batman-adv/soft-interface.c > @@ -479,6 +479,9 @@ out: > */ > void batadv_softif_vlan_free_ref(struct batadv_softif_vlan *vlan) > { > + if (!vlan) > + return; > +
This bit doesn't look necessary. You've added checks to some callers, the others probably don't need the check.

> @@ -1066,6 +1069,9 @@ uint16_t batadv_tt_local_remove(struct batadv_priv > *bat_priv, > > /* decrease the reference held for this vlan */ > vlan = batadv_softif_vlan_get(bat_priv, vid); > + if (!vlan) > + goto out; > + > batadv_softif_vlan_free_ref(vlan); > batadv_softif_vlan_free_ref(vlan);

That code is ringing alarm bells. If you expect to have a reference count the object better exist. If you can remove a reference count from a 'random' object then you can break the reference counting of objects.

So is this test just hiding another bug somewhere??

David
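Review bot: the `if (!vlan) return;` guard added at the top of batadv_softif_vlan_free_ref() makes the release helper silently accept NULL, which sits oddly with the commit message's statement that the NULL return of batadv_softif_vlan_get() "has to be verified by the caller". Either drop the guard and rely on the caller-side checks, or keep it and say in the comment block that closes just above the function signature that a NULL vlan is accepted, so it is clear which side owns the check.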
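Review bot: in the batadv_tt_local_remove() hunk, the new `if (!vlan) goto out;` skips both batadv_softif_vlan_free_ref(vlan) calls without leaving any trace, although the comment above the lookup says this path exists to "decrease the reference held for this vlan". If a reference is still held the object should exist, so a NULL result here suggests an accounting problem elsewhere; consider making that case visible, for example `if (WARN_ON(!vlan)) goto out;`, and state in the commit message under which conditions the vlan can legitimately be missing at this point.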