From 977d8c6f9253ad71e4bd8e4be2705c3bee684feb Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Wed, 23 Jan 2013 18:11:53 +0100
-Subject: [PATCH 1/3] batman-adv: fix skb leak in
+Subject: [PATCH 1/4] batman-adv: fix skb leak in
batadv_dat_snoop_incoming_arp_reply()
The callers of batadv_dat_snoop_incoming_arp_reply() assume the skb has been
From 3b24193d7cfc18f0cc005811ca4aab3479c2f1c6 Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Thu, 24 Jan 2013 18:18:26 +0100
-Subject: [PATCH 2/3] batman-adv: check for more types of invalid IP addresses
+Subject: [PATCH 2/4] batman-adv: check for more types of invalid IP addresses
in DAT
There are more types of IP addresses that may appear in ARP packets that we
From ab361a9ccc584e7501c06bfe1c00cb0411feebaf Mon Sep 17 00:00:00 2001
From: Matthias Schiffer <mschiffer@universe-factory.net>
Date: Thu, 24 Jan 2013 18:18:27 +0100
-Subject: [PATCH 3/3] batman-adv: filter ARP packets with invalid MAC
+Subject: [PATCH 3/4] batman-adv: filter ARP packets with invalid MAC
addresses in DAT
We never want multicast MAC addresses in the Distributed ARP Table, so it's
--- /dev/null
+From 9f1fb6914d66e282c2b1f51aa2d4a231c84df84d Mon Sep 17 00:00:00 2001
+From: Pau Koning <paukoning@gmail.com>
+Date: Fri, 15 Feb 2013 00:18:56 +0100
+Subject: [PATCH 4/4] batman-adv: Fix NULL pointer dereference in DAT hash
+ collision avoidance
+
+An entry in DAT with the hashed position of 0 can cause a NULL pointer
+dereference when the first entry is checked by batadv_choose_next_candidate.
+This first candidate automatically has the max value of 0 and the max_orig_node
+of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible
+will lead to a NULL pointer dereference when checking for the lowest address.
+
+This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8
+("batman-adv: Distributed ARP Table - create DHT helper functions").
+
+Signed-off-by: Pau Koning <paukoning@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
+---
+ distributed-arp-table.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/distributed-arp-table.c b/distributed-arp-table.c
+index ea0bd31..761a590 100644
+--- a/distributed-arp-table.c
++++ b/distributed-arp-table.c
+@@ -440,7 +440,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res,
+ /* this is an hash collision with the temporary selected node. Choose
+ * the one with the lowest address
+ */
+- if ((tmp_max == max) &&
++ if ((tmp_max == max) && max_orig_node &&
+ (batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0))
+ goto out;
+
+--
+1.7.10.4
+