diff options
author | Phil Oester <kernel@linuxace.com> | 2008-03-21 18:01:50 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-03-21 18:01:50 -0400 |
commit | 12b101555f4a67db67a66966a516075bd477741f (patch) | |
tree | 940f5aab5d774a7265ffa47977ab1cad8e3bcc6b | |
parent | 94833dfb8c98ed4ca1944dd2c1339d88a2d1c758 (diff) |
[IPV4]: Fix null dereference in ip_defrag
Been seeing occasional panics in my testing of 2.6.25-rc in ip_defrag.
Offending line in ip_defrag is here:
net = skb->dev->nd_net
where dev is NULL. Bisected the problem down to commit
ac18e7509e7df327e30d6e073a787d922eaf211d ([NETNS][FRAGS]: Make the
inet_frag_queue lookup work in namespaces).
Below patch (idea from Patrick McHardy) fixes the problem for me.
Signed-off-by: Phil Oester <kernel@linuxace.com>
Acked-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/ip_fragment.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index a2e92f9709db..3b2e5adca838 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c | |||
@@ -568,7 +568,7 @@ int ip_defrag(struct sk_buff *skb, u32 user) | |||
568 | 568 | ||
569 | IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); | 569 | IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS); |
570 | 570 | ||
571 | net = skb->dev->nd_net; | 571 | net = skb->dev ? skb->dev->nd_net : skb->dst->dev->nd_net; |
572 | /* Start by cleaning up the memory. */ | 572 | /* Start by cleaning up the memory. */ |
573 | if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh) | 573 | if (atomic_read(&net->ipv4.frags.mem) > net->ipv4.frags.high_thresh) |
574 | ip_evictor(net); | 574 | ip_evictor(net); |