From: Allan Stephens Date: Thu, 5 Jun 2008 00:36:58 +0000 (-0700) Subject: tipc: Prevent access of non-existent field in short message header X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=9c396a7bfb4fe74e444be09069651280da520944;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git tipc: Prevent access of non-existent field in short message header This patch eliminates a case where TIPC's link code could try reading a field that is not present in a short message header. (The random value obtained was not being used, but the read operation could result in an invalid memory access exception in extremely rare circumstances.) Signed-off-by: Allan Stephens Signed-off-by: David S. Miller --- diff --git a/net/tipc/link.c b/net/tipc/link.c index c62ebfea9304..022cb2f107ac 100644 --- a/net/tipc/link.c +++ b/net/tipc/link.c @@ -2674,10 +2674,12 @@ int tipc_link_send_long_buf(struct link *l_ptr, struct sk_buff *buf) u32 pack_sz = link_max_pkt(l_ptr); u32 fragm_sz = pack_sz - INT_H_SIZE; u32 fragm_no = 1; - u32 destaddr = msg_destnode(inmsg); + u32 destaddr; if (msg_short(inmsg)) destaddr = l_ptr->addr; + else + destaddr = msg_destnode(inmsg); if (msg_routed(inmsg)) msg_set_prevnode(inmsg, tipc_own_addr);