Techwizz/kernel-fxtec-pro1x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

[PPPOE]: Use ifindex instead of device pointer in key lookups.

Browse source 
Otherwise we can potentially try to dereference a NULL device
pointer in some cases.

Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Florian Zumbiehl 2007-03-04 16:03:22 -08:00 committed by David S. Miller
parent bc5f774347
commit 6f30e1867c
2 changed files with 8 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
drivers/net/pppoe.c
View file

@ -140,7 +140,7 @@ static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int
ret = item_hash_table[hash]; ret = item_hash_table[hash];
while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex)) while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex))
ret = ret->next; ret = ret->next;
return ret; return ret;
@ -153,7 +153,7 @@ static int __set_item(struct pppox_sock *po)
ret = item_hash_table[hash]; ret = item_hash_table[hash];
while (ret) { while (ret) {
if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_dev->ifindex == po->pppoe_dev->ifindex) if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex)
return -EALREADY; return -EALREADY;
ret = ret->next; ret = ret->next;
@ -174,7 +174,7 @@ static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifind
src = &item_hash_table[hash]; src = &item_hash_table[hash];
while (ret) { while (ret) {
if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex) { if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) {
*src = ret->next; *src = ret->next;
break; break;
} }
@ -529,7 +529,7 @@ static int pppoe_release(struct socket *sock)
po = pppox_sk(sk); po = pppox_sk(sk);
if (po->pppoe_pa.sid) { if (po->pppoe_pa.sid) {
delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_dev->ifindex); delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_ifindex);
} }
if (po->pppoe_dev) if (po->pppoe_dev)
@ -577,7 +577,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
pppox_unbind_sock(sk); pppox_unbind_sock(sk);
/* Delete the old binding */ /* Delete the old binding */
delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_dev->ifindex); delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex);
if(po->pppoe_dev) if(po->pppoe_dev)
dev_put(po->pppoe_dev); dev_put(po->pppoe_dev);
@ -597,6 +597,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
goto end; goto end;
po->pppoe_dev = dev; po->pppoe_dev = dev;
po->pppoe_ifindex = dev->ifindex;
if (!(dev->flags & IFF_UP)) if (!(dev->flags & IFF_UP))
goto err_put; goto err_put;

2
include/linux/if_pppox.h
View file

@ -114,6 +114,7 @@ struct pppoe_hdr {
#ifdef __KERNEL__ #ifdef __KERNEL__
struct pppoe_opt { struct pppoe_opt {
struct net_device *dev; /* device associated with socket*/ struct net_device *dev; /* device associated with socket*/
int ifindex; /* ifindex of device associated with socket */
struct pppoe_addr pa; /* what this socket is bound to*/ struct pppoe_addr pa; /* what this socket is bound to*/
struct sockaddr_pppox relay; /* what socket data will be struct sockaddr_pppox relay; /* what socket data will be
relayed to (PPPoE relaying) */ relayed to (PPPoE relaying) */
@ -132,6 +133,7 @@ struct pppox_sock {
unsigned short num; unsigned short num;
}; };
#define pppoe_dev proto.pppoe.dev #define pppoe_dev proto.pppoe.dev
#define pppoe_ifindex proto.pppoe.ifindex
#define pppoe_pa proto.pppoe.pa #define pppoe_pa proto.pppoe.pa
#define pppoe_relay proto.pppoe.relay #define pppoe_relay proto.pppoe.relay