Commit 6f30e186 authored by Florian Zumbiehl's avatar Florian Zumbiehl Committed by David S. Miller

[PPPOE]: Use ifindex instead of device pointer in key lookups.

Otherwise we can potentially try to dereference a NULL device
pointer in some cases.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent bc5f7743
...@@ -140,7 +140,7 @@ static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int ...@@ -140,7 +140,7 @@ static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int
ret = item_hash_table[hash]; ret = item_hash_table[hash];
while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex)) while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex))
ret = ret->next; ret = ret->next;
return ret; return ret;
...@@ -153,7 +153,7 @@ static int __set_item(struct pppox_sock *po) ...@@ -153,7 +153,7 @@ static int __set_item(struct pppox_sock *po)
ret = item_hash_table[hash]; ret = item_hash_table[hash];
while (ret) { while (ret) {
if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_dev->ifindex == po->pppoe_dev->ifindex) if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex)
return -EALREADY; return -EALREADY;
ret = ret->next; ret = ret->next;
...@@ -174,7 +174,7 @@ static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifind ...@@ -174,7 +174,7 @@ static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifind
src = &item_hash_table[hash]; src = &item_hash_table[hash];
while (ret) { while (ret) {
if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex) { if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) {
*src = ret->next; *src = ret->next;
break; break;
} }
...@@ -529,7 +529,7 @@ static int pppoe_release(struct socket *sock) ...@@ -529,7 +529,7 @@ static int pppoe_release(struct socket *sock)
po = pppox_sk(sk); po = pppox_sk(sk);
if (po->pppoe_pa.sid) { if (po->pppoe_pa.sid) {
delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_dev->ifindex); delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_ifindex);
} }
if (po->pppoe_dev) if (po->pppoe_dev)
...@@ -577,7 +577,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, ...@@ -577,7 +577,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
pppox_unbind_sock(sk); pppox_unbind_sock(sk);
/* Delete the old binding */ /* Delete the old binding */
delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_dev->ifindex); delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex);
if(po->pppoe_dev) if(po->pppoe_dev)
dev_put(po->pppoe_dev); dev_put(po->pppoe_dev);
...@@ -597,6 +597,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, ...@@ -597,6 +597,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
goto end; goto end;
po->pppoe_dev = dev; po->pppoe_dev = dev;
po->pppoe_ifindex = dev->ifindex;
if (!(dev->flags & IFF_UP)) if (!(dev->flags & IFF_UP))
goto err_put; goto err_put;
......
...@@ -114,6 +114,7 @@ struct pppoe_hdr { ...@@ -114,6 +114,7 @@ struct pppoe_hdr {
#ifdef __KERNEL__ #ifdef __KERNEL__
struct pppoe_opt { struct pppoe_opt {
struct net_device *dev; /* device associated with socket*/ struct net_device *dev; /* device associated with socket*/
int ifindex; /* ifindex of device associated with socket */
struct pppoe_addr pa; /* what this socket is bound to*/ struct pppoe_addr pa; /* what this socket is bound to*/
struct sockaddr_pppox relay; /* what socket data will be struct sockaddr_pppox relay; /* what socket data will be
relayed to (PPPoE relaying) */ relayed to (PPPoE relaying) */
...@@ -132,6 +133,7 @@ struct pppox_sock { ...@@ -132,6 +133,7 @@ struct pppox_sock {
unsigned short num; unsigned short num;
}; };
#define pppoe_dev proto.pppoe.dev #define pppoe_dev proto.pppoe.dev
#define pppoe_ifindex proto.pppoe.ifindex
#define pppoe_pa proto.pppoe.pa #define pppoe_pa proto.pppoe.pa
#define pppoe_relay proto.pppoe.relay #define pppoe_relay proto.pppoe.relay
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment