On 4/2/19 8:40 PM, Hoang Le wrote:
> skb somehow dequeued out of inputq before processing, it causes to
> NULL pointer and kernel crashed.
>
> Add checking skb valid before using.
>
> Fixes: c55c8edafa9 ("tipc: smooth change between replicast and broadcast")
> Reported-by: Tuong Lien Tong <[email protected]>
> Signed-off-by: Hoang Le <[email protected]>
Acked-by: Ying Xue <[email protected]>
> ---
> net/tipc/bcast.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c
> index 76e14dc08bb9..6c997d4a6218 100644
> --- a/net/tipc/bcast.c
> +++ b/net/tipc/bcast.c
> @@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net, struct
> sk_buff_head *defq,
> u32 node, port;
>
> skb = skb_peek(inputq);
> + if (!skb)
> + return;
> +
> hdr = buf_msg(skb);
>
> if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq)))
>
_______________________________________________
tipc-discussion mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
