diff options
| author | Florian Zumbiehl <florz@gmx.de> | 2007-03-04 19:03:22 -0500 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-03-05 16:25:28 -0500 |
| commit | 6f30e1867cb73602c6ed7f97e15a48e0a0c96cde (patch) | |
| tree | 4715c38e7555c42b92dbb8cf27afcde68a144cb8 /drivers | |
| parent | bc5f77434721a84705601e4d448d331c73900759 (diff) | |
[PPPOE]: Use ifindex instead of device pointer in key lookups.
Otherwise we can potentially try to dereference a NULL device
pointer in some cases.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers')
| -rw-r--r-- | drivers/net/pppoe.c | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c index 86e56f1f2f0b..ebfa2967cd68 100644 --- a/drivers/net/pppoe.c +++ b/drivers/net/pppoe.c | |||
| @@ -140,7 +140,7 @@ static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int | |||
| 140 | 140 | ||
| 141 | ret = item_hash_table[hash]; | 141 | ret = item_hash_table[hash]; |
| 142 | 142 | ||
| 143 | while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex)) | 143 | while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex)) |
| 144 | ret = ret->next; | 144 | ret = ret->next; |
| 145 | 145 | ||
| 146 | return ret; | 146 | return ret; |
| @@ -153,7 +153,7 @@ static int __set_item(struct pppox_sock *po) | |||
| 153 | 153 | ||
| 154 | ret = item_hash_table[hash]; | 154 | ret = item_hash_table[hash]; |
| 155 | while (ret) { | 155 | while (ret) { |
| 156 | if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_dev->ifindex == po->pppoe_dev->ifindex) | 156 | if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex) |
| 157 | return -EALREADY; | 157 | return -EALREADY; |
| 158 | 158 | ||
| 159 | ret = ret->next; | 159 | ret = ret->next; |
| @@ -174,7 +174,7 @@ static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifind | |||
| 174 | src = &item_hash_table[hash]; | 174 | src = &item_hash_table[hash]; |
| 175 | 175 | ||
| 176 | while (ret) { | 176 | while (ret) { |
| 177 | if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex) { | 177 | if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) { |
| 178 | *src = ret->next; | 178 | *src = ret->next; |
| 179 | break; | 179 | break; |
| 180 | } | 180 | } |
| @@ -529,7 +529,7 @@ static int pppoe_release(struct socket *sock) | |||
| 529 | 529 | ||
| 530 | po = pppox_sk(sk); | 530 | po = pppox_sk(sk); |
| 531 | if (po->pppoe_pa.sid) { | 531 | if (po->pppoe_pa.sid) { |
| 532 | delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_dev->ifindex); | 532 | delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_ifindex); |
| 533 | } | 533 | } |
| 534 | 534 | ||
| 535 | if (po->pppoe_dev) | 535 | if (po->pppoe_dev) |
| @@ -577,7 +577,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, | |||
| 577 | pppox_unbind_sock(sk); | 577 | pppox_unbind_sock(sk); |
| 578 | 578 | ||
| 579 | /* Delete the old binding */ | 579 | /* Delete the old binding */ |
| 580 | delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_dev->ifindex); | 580 | delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex); |
| 581 | 581 | ||
| 582 | if(po->pppoe_dev) | 582 | if(po->pppoe_dev) |
| 583 | dev_put(po->pppoe_dev); | 583 | dev_put(po->pppoe_dev); |
| @@ -597,6 +597,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, | |||
| 597 | goto end; | 597 | goto end; |
| 598 | 598 | ||
| 599 | po->pppoe_dev = dev; | 599 | po->pppoe_dev = dev; |
| 600 | po->pppoe_ifindex = dev->ifindex; | ||
| 600 | 601 | ||
| 601 | if (!(dev->flags & IFF_UP)) | 602 | if (!(dev->flags & IFF_UP)) |
| 602 | goto err_put; | 603 | goto err_put; |