Acked-by: Jon Maloy <[email protected]> Although "somehow" is not the good term here,- the reason is obvious when looking into tipc_sk_proto_rcv().
> -----Original Message----- > From: [email protected] <[email protected]> > On Behalf Of Hoang Le > Sent: 3-Apr-19 02:05 > To: Jon Maloy <[email protected]>; [email protected]; > [email protected]; [email protected]; > [email protected] > Subject: [net-next] tipc: add NULL pointer check > > skb somehow dequeued out of inputq before processing, it causes to NULL > pointer and kernel crashed. > > Add checking skb valid before using. > > Fixes: c55c8edafa9 ("tipc: smooth change between replicast and broadcast") > Reported-by: Tuong Lien Tong <[email protected]> > Acked-by: Ying Xue <[email protected]> > Signed-off-by: Hoang Le <[email protected]> > --- > net/tipc/bcast.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index > 76e14dc08bb9..6c997d4a6218 100644 > --- a/net/tipc/bcast.c > +++ b/net/tipc/bcast.c > @@ -769,6 +769,9 @@ void tipc_mcast_filter_msg(struct net *net, struct > sk_buff_head *defq, > u32 node, port; > > skb = skb_peek(inputq); > + if (!skb) > + return; > + > hdr = buf_msg(skb); > > if (likely(!msg_is_syn(hdr) && skb_queue_empty(defq))) > -- > 2.17.1 _______________________________________________ tipc-discussion mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/tipc-discussion
