Re: [B.A.T.M.A.N.] [PATCH] Even Batman should not dereference NULL pointers

On Thursday 13 January 2011 21:53:38 Jesper Juhl wrote:

There's a problem in net/batman-adv/unicast.c::frag_send_skb(). dev_alloc_skb() allocates memory and may fail, thus returning NULL. If this happens we'll pass a NULL pointer on to skb_split() which in turn hands it to skb_split_inside_header() from where it gets passed to skb_put() that lets skb_tail_pointer() play with it and that function dereferences it. And thus the bat dies.

While I was at it I also moved the call to dev_alloc_skb() above the assignment to 'unicast_packet' since there's no reason to do that assignment if the memory allocation fails.

Applied

Thanks, Sven