On Monday, 7 January 2019 19.49.06 CET Linus Lüssing wrote: [...]
I seem to be able to trigger a null pointer dereference for this batadv_hardif_put() call here. With the following steps I end up with a primary_if == NULL:
$ batctl if add 1
root@Linus-Debian:~# batctl o
Error - interface bat0 is not present or not a batman-adv interface
root@Linus-Debian:~# batctl if add 1
Error - interface does not exist: 1
root@Linus-Debian:~# batctl o
Killed
root@Linus-Debian:~#
root@Linus-Debian:~#
root@Linus-Debian:~# batctl o
You can reproduce it more easily with (destroy is only there to make sure that bat0 is really empty before the originator dump):
    batctl if destroy
    batctl if create
    batctl o
The check before

    batadv_hardif_put(primary_if);

is missing. So it should actually be (like in the nla_put_failure case):

    if (primary_if)
        batadv_hardif_put(primary_if);
And "batctl if add" is basically a short version of:
    batctl if create
    batctl if add -M XXXX
And in your test, only the second part failed.
Kind regards,
Sven
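The missing guard discussed above, modelled as an added C example that is not batman-adv code: `hard_iface`, `hardif_put()`, `primary_if_get()` and `orig_dump()` are constructed stand-ins for the kernel's refcounted hard interface and the originator dump, and the only point is that a put helper which dereferences its argument must be skipped when no reference was taken.

```c
#include <stddef.h>

/* Constructed stand-in for a refcounted batman-adv hard interface
 * (hypothetical; the real struct batadv_hard_iface is larger). */
struct hard_iface {
    int refcount;
    int released;
};

/* Mirrors the shape of batadv_hardif_put(): it dereferences its argument
 * unconditionally, so passing NULL is a NULL pointer dereference. */
static void hardif_put(struct hard_iface *hi)
{
    if (--hi->refcount == 0)
        hi->released = 1;
}

/* Returns the primary interface with a reference taken, or NULL when the
 * mesh interface has no member yet ("batctl if create" without "if add"). */
static struct hard_iface *primary_if_get(struct hard_iface *cfg)
{
    if (cfg)
        cfg->refcount++;
    return cfg;
}

/* Originator dump with the guard Sven suggests: the shared exit path only
 * drops a reference that was actually taken. Returns 0 on success and -1
 * when there is no primary interface to dump. */
static int orig_dump(struct hard_iface *cfg)
{
    struct hard_iface *primary_if = primary_if_get(cfg);
    int ret = 0;

    if (!primary_if) {
        ret = -1;            /* nothing to dump, no reference held */
        goto out;
    }
    /* ... originator entries for primary_if would be emitted here ... */
out:
    if (primary_if)          /* guard: primary_if may be NULL */
        hardif_put(primary_if);
    return ret;
}

/* Constructed check: a dump with one member interface must return 0 and
 * leave the refcount balanced (back at 1, not released). Returns 1 if so. */
static int refcount_balanced_after_dump(void)
{
    struct hard_iface hi = { 1, 0 };
    return orig_dump(&hi) == 0 && hi.refcount == 1 && hi.released == 0;
}
```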