From: Sven Eckelmann Date: Sat, 2 Jul 2016 07:52:13 +0000 (+0200) Subject: batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=10c78f5854d361ded4736c1831948e0a5f67b932;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git batman-adv: Avoid nullptr dereference in bla after vlan_insert_tag vlan_insert_tag can return NULL on errors. The bridge loop avoidance code therefore has to check the return value of vlan_insert_tag for NULL before it can safely operate on this pointer. Fixes: 23721387c409 ("batman-adv: add basic bridge loop avoidance code") Signed-off-by: Sven Eckelmann Signed-off-by: Marek Lindner Signed-off-by: Simon Wunderlich --- diff --git a/net/batman-adv/bridge_loop_avoidance.c b/net/batman-adv/bridge_loop_avoidance.c index 748a9ead7ce5..712978024c5d 100644 --- a/net/batman-adv/bridge_loop_avoidance.c +++ b/net/batman-adv/bridge_loop_avoidance.c @@ -418,9 +418,12 @@ static void batadv_bla_send_claim(struct batadv_priv *bat_priv, u8 *mac, break; } - if (vid & BATADV_VLAN_HAS_TAG) + if (vid & BATADV_VLAN_HAS_TAG) { skb = vlan_insert_tag(skb, htons(ETH_P_8021Q), vid & VLAN_VID_MASK); + if (!skb) + goto out; + } skb_reset_mac_header(skb); skb->protocol = eth_type_trans(skb, soft_iface);