aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Oester <kernel@linuxace.com>2008-03-21 18:01:50 -0400
committerDavid S. Miller <davem@davemloft.net>2008-03-21 18:01:50 -0400
commit12b101555f4a67db67a66966a516075bd477741f (patch)
tree940f5aab5d774a7265ffa47977ab1cad8e3bcc6b
parent94833dfb8c98ed4ca1944dd2c1339d88a2d1c758 (diff)
[IPV4]: Fix null dereference in ip_defrag
Been seeing occasional panics in my testing of 2.6.25-rc in ip_defrag. Offending line in ip_defrag is here: net = skb->dev->nd_net where dev is NULL. Bisected the problem down to commit ac18e7509e7df327e30d6e073a787d922eaf211d ([NETNS][FRAGS]: Make the inet_frag_queue lookup work in namespaces). Below patch (idea from Patrick McHardy) fixes the problem for me. Signed-off-by: Phil Oester <kernel@linuxace.com> Acked-by: Patrick McHardy <kaber@trash.net> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/ip_fragment.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index a2e92f9709db..3b2e5adca838 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -568,7 +568,7 @@ int ip_defrag(struct sk_buff *skb, u32 user)
568 568
569 IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); 569 IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
570 570
571 net = skb->dev->nd_net; 571 net = skb->dev ? skb->dev->nd_net : skb->dst->dev->nd_net;
572 /* Start by cleaning up the memory. */ 572 /* Start by cleaning up the memory. */
573 if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh) 573 if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh)
574 ip_evictor(net); 574 ip_evictor(net);