diff mbox

[v2] batman-adv: fix tt_local_reset_flags() function

Message ID 1318784017-28150-1-git-send-email-ordex@autistici.org (mailing list archive)
State Accepted, archived
Headers

Commit Message

Antonio Quartulli Oct. 16, 2011, 4:53 p.m. UTC 
  Currently the counter of tt_local_entry structures (tt_local_num) is incremented
each time the tt_local_reset_flags() is invoked causing the node to send wrong
TT_REPONSE packets containing a copy of non-initialised memory thus corrupting
other nodes global translation table and making higher level communication
impossible.

Reported-by: Junkeun Song <jun361@gmail.com>
Signed-off-by: Antonio Quartulli <ordex@autistici.org>
Acked-by: Junkeun Song <jun361@gmail.com>
---
 translation-table.c |    2 ++
 1 files changed, 2 insertions(+), 0 deletions(-)

Comments

Marek Lindner Oct. 17, 2011, 12:01 p.m. UTC | #1 
On Sunday, October 16, 2011 18:53:37 Antonio Quartulli wrote:
> Currently the counter of tt_local_entry structures (tt_local_num) is
> incremented each time the tt_local_reset_flags() is invoked causing the
> node to send wrong TT_REPONSE packets containing a copy of non-initialised
> memory thus corrupting other nodes global translation table and making
> higher level communication impossible.

Applied in revision d1b1d7c.

Thanks,
Marek
diff mbox

Patch

diff --git a/translation-table.c b/translation-table.c
index 2d2cfc1..d4a3917 100644
--- a/translation-table.c
+++ b/translation-table.c
@@ -1727,6 +1727,8 @@  static void tt_local_reset_flags(struct bat_priv *bat_priv, uint16_t flags)
 		rcu_read_lock();
 		hlist_for_each_entry_rcu(tt_local_entry, node,
 					 head, hash_entry) {
+			if (!(tt_local_entry->flags & flags))
+				continue;
 			tt_local_entry->flags &= ~flags;
 			atomic_inc(&bat_priv->num_local_tt);
 		}