Phonet: fix NULL dereference on TX path with implicit source

The previous Phonet patch series introduced per-socket implicit
destination (i.e. connect()). In that case, the destination
socket address is NULL in the transmit function.
However commit a8059512b120362b15424f152b2548fe8b11bd0c
("Phonet: implement per-socket destination/peer address")
is incomplete and would trigger a NULL dereference.
(Fortunately, the code is not in released kernel, and in fact
 currently not reachable.)

Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
index 30cc676c35fd157ec61bced3416d69b3a5e4ec39..4706b77e67bfce90532b2891616020735682d371 100644 (file)
--- a/net/phonet/af_phonet.c
+++ b/net/phonet/af_phonet.c
@@ -262,10 +262,9 @@ int pn_skb_send(struct sock *sk, struct sk_buff *skb,
        else if (phonet_address_lookup(net, daddr) == 0) {
                dev = phonet_device_get(net);
                skb->pkt_type = PACKET_LOOPBACK;
-       } else if (pn_sockaddr_get_object(target) == 0) {
+       } else if (dst == 0) {
                /* Resource routing (small race until phonet_rcv()) */
-               struct sock *sk = pn_find_sock_by_res(net,
-                                                       target->spn_resource);
+               struct sock *sk = pn_find_sock_by_res(net, res);
                if (sk) {
                        sock_put(sk);
                        dev = phonet_device_get(net);