Acked-by: Jon Maloy <jon.ma...@ericsson.com>
Although "somehow" is not the good term here,- the reason is obvious when
looking into tipc_sk_proto_rcv().
> -----Original Message-----
> From: netdev-ow...@vger.kernel.org <netdev-ow...@vger.kernel.org>
> On Behalf Of Hoang Le
> Sent: 3-Apr-19 02:05
> To: Jon Maloy <jon.ma...@ericsson.com>; ma...@donjonn.com;
> ying....@windriver.com; tipc-discussion@lists.sourceforge.net;
> net...@vger.kernel.org
> Subject: [net-next] tipc: add NULL pointer check
>
> skb somehow dequeued out of inputq before processing, it causes to NULL
> pointer and kernel crashed.
>
> Add checking skb valid before using.
>
> Fixes: c55c8edafa9 ("tipc: smooth change between replicast and broadcast")
> Reported-by: Tuong Lien Tong <tuong.t.l...@dektech.com.au>
> Acked-by: Ying Xue <ying....@windriver.com>
> Signed-off-by: Hoang Le <hoang.h...@dektech.com.au>
> ---
> net/tipc/bcast.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index
> 76e14dc08bb9..6c997d4a6218 100644
> --- a/net/tipc/bcast.c
> +++ b/net/tipc/bcast.c
> @@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net, struct
> sk_buff_head *defq,
> u32 node, port;
>
> skb = skb_peek(inputq);
> + if (!skb)
> + return;
> +
> hdr = buf_msg(skb);
>
> if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq)))
> --
> 2.17.1
_______________________________________________
tipc-discussion mailing list
tipc-discussion@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tipc-discussion
