mac80211: mesh: handle failed alloc for rmc cache

In the unlikely case that mesh_rmc_init() fails with -ENOMEM,
the rmc pointer will be left as NULL but the interface is still
operational because ieee80211_mesh_init_sdata() is not allowed
to fail.

If this happens, we would blindly dereference rmc when checking
whether a multicast frame is in the cache.  Instead just drop the
frames in the forwarding path.

Signed-off-by: Bob Copeland <me@bobcopeland.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c
index a216c439b6f2eb28739a6191dff3acb18dbb8f4d..d0d8eeaa812980e155fac893b3baec4dc193a8da 100644 (file)
--- a/net/mac80211/mesh.c
+++ b/net/mac80211/mesh.c
@@ -220,6 +220,9 @@ int mesh_rmc_check(struct ieee80211_sub_if_data *sdata,
        u8 idx;
        struct rmc_entry *p, *n;
 
+       if (!rmc)
+               return -1;
+
        /* Don't care about endianness since only match matters */
        memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum));
        idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;