projects / feed / routing.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 55e4a16)
batman-adv: fix dat NULL pointer dereference
authorMarek Lindner <lindner_marek@yahoo.de>
Sat, 16 Feb 2013 11:00:50 +0000 (11:00 +0000)
committerMarek Lindner <lindner_marek@yahoo.de>
Sat, 16 Feb 2013 11:00:50 +0000 (11:00 +0000)
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
git-svn-id: svn://svn.openwrt.org/openwrt/packages/net/batman-adv@35609 3c298f89-4303-0410-b956-a3cf2f4a3e73

Makefile patch | blob | history
patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch patch | blob | history
patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch patch | blob | history
patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch patch | blob | history
patches/0004-batman-adv-Fix-NULL-pointer-dereference-in-DAT-hash-.patch [new file with mode: 0644] patch | blob

diff --git a/Makefile b/Makefile
index 6aa2c1382b1b3a8564a7a752e56f6af9bb43b29a..ef9bd48055c58755533d9061937afb54436120f8 100644 (file)
--- a/Makefile
+++ b/Makefile
@@ -12,7 +12,7 @@ PKG_NAME:=batman-adv
 
 PKG_VERSION:=2013.0.0
 BATCTL_VERSION:=2013.0.0
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 PKG_MD5SUM:=37f4aa02f393daad3d87cead2bc28ed9
 BATCTL_MD5SUM:=6ea4bcd8a9332d586bb06b5063f882cd
 
diff --git a/patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch b/patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch
index a6829f46cd62a9ce5c918b27ebebd13ed40cc18f..715324cdc32347716747c36eb557b913ce2e2350 100644 (file)
--- a/patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch
+++ b/patches/0001-batman-adv-fix-skb-leak-in-batadv_dat_snoop_incoming.patch
@@ -1,7 +1,7 @@
 From 977d8c6f9253ad71e4bd8e4be2705c3bee684feb Mon Sep 17 00:00:00 2001
 From: Matthias Schiffer <mschiffer@universe-factory.net>
 Date: Wed, 23 Jan 2013 18:11:53 +0100
-Subject: [PATCH 1/3] batman-adv: fix skb leak in
+Subject: [PATCH 1/4] batman-adv: fix skb leak in
  batadv_dat_snoop_incoming_arp_reply()
 
 The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been
diff --git a/patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch b/patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch
index ce84bac1254bec9b08b2e69982b1059ec3b8c5c9..b3589003e6ba3cf44e3f99b18d3173cf765e479d 100644 (file)
--- a/patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch
+++ b/patches/0002-batman-adv-check-for-more-types-of-invalid-IP-addres.patch
@@ -1,7 +1,7 @@
 From 3b24193d7cfc18f0cc005811ca4aab3479c2f1c6 Mon Sep 17 00:00:00 2001
 From: Matthias Schiffer <mschiffer@universe-factory.net>
 Date: Thu, 24 Jan 2013 18:18:26 +0100
-Subject: [PATCH 2/3] batman-adv: check for more types of invalid IP addresses
+Subject: [PATCH 2/4] batman-adv: check for more types of invalid IP addresses
  in DAT
 
 There are more types of IP addresses that may appear in ARP packets that we
diff --git a/patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch b/patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch
index bba38041cd40afca399de91ff2d894aa29852268..1e8cb16af0e9c540850896efd41809ee8073e15f 100644 (file)
--- a/patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch
+++ b/patches/0003-batman-adv-filter-ARP-packets-with-invalid-MAC-addre.patch
@@ -1,7 +1,7 @@
 From ab361a9ccc584e7501c06bfe1c00cb0411feebaf Mon Sep 17 00:00:00 2001
 From: Matthias Schiffer <mschiffer@universe-factory.net>
 Date: Thu, 24 Jan 2013 18:18:27 +0100
-Subject: [PATCH 3/3] batman-adv: filter ARP packets with invalid MAC
+Subject: [PATCH 3/4] batman-adv: filter ARP packets with invalid MAC
  addresses in DAT
 
 We never want multicast MAC addresses in the Distributed ARP Table, so it's
diff --git a/patches/0004-batman-adv-Fix-NULL-pointer-dereference-in-DAT-hash-.patch b/patches/0004-batman-adv-Fix-NULL-pointer-dereference-in-DAT-hash-.patch
new file mode 100644 (file)
index 0000000..71248f6
--- /dev/null
+++ b/patches/0004-batman-adv-Fix-NULL-pointer-dereference-in-DAT-hash-.patch
@@ -0,0 +1,38 @@
+From 9f1fb6914d66e282c2b1f51aa2d4a231c84df84d Mon Sep 17 00:00:00 2001
+From: Pau Koning <paukoning@gmail.com>
+Date: Fri, 15 Feb 2013 00:18:56 +0100
+Subject: [PATCH 4/4] batman-adv: Fix NULL pointer dereference in DAT hash
+ collision avoidance
+
+An entry in DAT with the hashed position of 0 can cause a NULL pointer
+dereference when the first entry is checked by batadv_choose_next_candidate.
+This first candidate automatically has the max value of 0 and the max_orig_node
+of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible
+will lead to a NULL pointer dereference when checking for the lowest address.
+
+This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8
+("batman-adv: Distributed ARP Table - create DHT helper functions").
+
+Signed-off-by: Pau Koning <paukoning@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
+---
+ distributed-arp-table.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/distributed-arp-table.c b/distributed-arp-table.c
+index ea0bd31..761a590 100644
+--- a/distributed-arp-table.c
++++ b/distributed-arp-table.c
+@@ -440,7 +440,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res,
+       /* this is an hash collision with the temporary selected node. Choose
+        * the one with the lowest address
+        */
+-      if ((tmp_max == max) &&
++      if ((tmp_max == max) && max_orig_node &&
+           (batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0))
+               goto out;
+-- 
+1.7.10.4
+
Mirror of routing feed