Skip to content

Commit

Permalink
tipc: reinitialize pointer after skb linearize
Browse files Browse the repository at this point in the history 
The msg pointer into header may change after skb linearization.
We must reinitialize it after calling skb_linearize to prevent
operating on a freed or invalid pointer.

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Reported-by: Tamás Végh <tamas.vegh@ericsson.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
  • Loading branch information
Erik Hugne authored and David S. Miller committed Sep 21, 2015
1 parent aab0c0e commit 4e3ae00
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions net/tipc/msg.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -539,6 +539,7 @@ bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err)
*err = -TIPC_ERR_NO_NAME;
if (skb_linearize(skb))
return false;
msg = buf_msg(skb);
if (msg_reroute_cnt(msg))
return false;
dnode = addr_domain(net, msg_lookup_scope(msg));
Expand Down

0 comments on commit 4e3ae00

Please sign in to comment.