From patchwork Thu Mar 3 19:09:02 2011
X-Patchwork-Submitter: Linus Lüssing
X-Patchwork-Id: 869
From: Linus Lüssing
To: b.a.t.m.a.n@lists.open-mesh.org
Cc: Linus Lüssing
Date: Thu, 3 Mar 2011 20:09:02 +0100
Message-Id: <1299179342-15418-2-git-send-email-linus.luessing@ascom.ch>
In-Reply-To: <1299179342-15418-1-git-send-email-linus.luessing@ascom.ch>
Subject: [B.A.T.M.A.N.] [PATCH] RFC: batman-adv: Fix null pointer deref. when adding hard-if as soft-if

When we are trying to create a batman soft-interface which already exists as a common hard interface, batman then wrongly assumes that this hard interface is a fully initialized soft interface. This leads to a null pointer dereference on the first try of accessing, for instance, a non-initialized orig_hash.

For every hard interface, there is no initialized orig_hash, therefore this commit uses this criterion to abort creating a soft interface with an already existing name.

--- hard-interface.c | 17 +++++++++++++++-- 1 files changed, 15 insertions(+), 2 deletions(-) diff --git a/batman-adv/hard-interface.c b/batman-adv/hard-interface.c index 95a35b6..53d6fce 100644 --- a/batman-adv/hard-interface.c +++ b/batman-adv/hard-interface.c 
@@ -282,6 +282,7 @@ int hardif_enable_interface(struct hard_iface *hard_iface, char *iface_name) { struct bat_priv *bat_priv; struct batman_packet *batman_packet; + int ret; if (hard_iface->if_status != IF_NOT_IN_USE) goto out; @@ -294,20 +295,32 @@ int hardif_enable_interface(struct hard_iface *hard_iface, char *iface_name) if (!hard_iface->soft_iface) { hard_iface->soft_iface = softif_create(iface_name); - if (!hard_iface->soft_iface) + if (!hard_iface->soft_iface) { + ret = -ENOMEM; goto err; + } /* dev_get_by_name() increases the reference counter for us */ dev_hold(hard_iface->soft_iface); } bat_priv = netdev_priv(hard_iface->soft_iface); + + if (!bat_priv->orig_hash) { + bat_err(hard_iface->soft_iface, + "Can't create soft interface %s: " + "already exists as non soft interface\n", + hard_iface->soft_iface->name); + ret = -EINVAL; + goto err; + } hard_iface->packet_len = BAT_PACKET_LEN; hard_iface->packet_buff = kmalloc(hard_iface->packet_len, GFP_ATOMIC); if (!hard_iface->packet_buff) { bat_err(hard_iface->soft_iface, "Can't add interface packet " "(%s): out of memory\n", hard_iface->net_dev->name); + ret = -ENOMEM; goto err; } @@ -370,7 +383,7 @@ out: err: hardif_free_ref(hard_iface); - return -ENOMEM; + return ret; } void hardif_disable_interface(struct hard_iface *hard_iface)
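
Review bot: "int ret;" in the first hunk is declared without an initial value, and the err label in the last hunk now ends in "return ret;", so any "goto err" in the part of hardif_enable_interface() that this diff does not show would return an indeterminate value. The three jump sites visible here all assign ret first; giving it a value at the declaration, or confirming that no other path reaches err, would make the return code well defined on every path.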
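
Review bot: the new "if (!bat_priv->orig_hash)" test in the second hunk reads through netdev_priv() of a device that, in exactly the case being guarded against, is not a batman-adv soft interface, so it interprets another driver's private area as struct bat_priv. Whatever sits at that offset may be non-NULL by coincidence, and the foreign private area may be shorter than the offset of orig_hash, so the check can pass wrongly or read outside the allocation. Deciding from the net_device itself whether it is a batman-adv soft interface (for example by its netdev_ops) before calling netdev_priv() would avoid relying on foreign memory. In addition, as far as the visible lines show, the -EINVAL path leaves hard_iface->soft_iface set and does not drop the reference mentioned in the "dev_get_by_name() increases the reference counter for us" comment, because err only calls hardif_free_ref(hard_iface).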