summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFlorian Zumbiehl <florz@gmx.de>2007-03-04 16:03:22 -0800
committerDavid S. Miller <davem@sunset.davemloft.net>2007-03-05 13:25:28 -0800
commit6f30e1867cb73602c6ed7f97e15a48e0a0c96cde (patch)
tree4715c38e7555c42b92dbb8cf27afcde68a144cb8
parentbc5f77434721a84705601e4d448d331c73900759 (diff)
downloadlwn-6f30e1867cb73602c6ed7f97e15a48e0a0c96cde.tar.gz
lwn-6f30e1867cb73602c6ed7f97e15a48e0a0c96cde.zip
[PPPOE]: Use ifindex instead of device pointer in key lookups.
Otherwise we can potentially try to dereference a NULL device pointer in some cases. Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--drivers/net/pppoe.c11
-rw-r--r--include/linux/if_pppox.h2
2 files changed, 8 insertions, 5 deletions
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c
index 86e56f1f2f0b..ebfa2967cd68 100644
--- a/drivers/net/pppoe.c
+++ b/drivers/net/pppoe.c
@@ -140,7 +140,7 @@ static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int
ret = item_hash_table[hash];
- while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex))
+ while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex))
ret = ret->next;
return ret;
@@ -153,7 +153,7 @@ static int __set_item(struct pppox_sock *po)
ret = item_hash_table[hash];
while (ret) {
- if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_dev->ifindex == po->pppoe_dev->ifindex)
+ if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex)
return -EALREADY;
ret = ret->next;
@@ -174,7 +174,7 @@ static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifind
src = &item_hash_table[hash];
while (ret) {
- if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex) {
+ if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) {
*src = ret->next;
break;
}
@@ -529,7 +529,7 @@ static int pppoe_release(struct socket *sock)
po = pppox_sk(sk);
if (po->pppoe_pa.sid) {
- delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_dev->ifindex);
+ delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_ifindex);
}
if (po->pppoe_dev)
@@ -577,7 +577,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
pppox_unbind_sock(sk);
/* Delete the old binding */
- delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_dev->ifindex);
+ delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex);
if(po->pppoe_dev)
dev_put(po->pppoe_dev);
@@ -597,6 +597,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr,
goto end;
po->pppoe_dev = dev;
+ po->pppoe_ifindex = dev->ifindex;
if (!(dev->flags & IFF_UP))
goto err_put;
diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h
index 4fab3d0a4bce..e33ee763c052 100644
--- a/include/linux/if_pppox.h
+++ b/include/linux/if_pppox.h
@@ -114,6 +114,7 @@ struct pppoe_hdr {
#ifdef __KERNEL__
struct pppoe_opt {
struct net_device *dev; /* device associated with socket*/
+ int ifindex; /* ifindex of device associated with socket */
struct pppoe_addr pa; /* what this socket is bound to*/
struct sockaddr_pppox relay; /* what socket data will be
relayed to (PPPoE relaying) */
@@ -132,6 +133,7 @@ struct pppox_sock {
unsigned short num;
};
#define pppoe_dev proto.pppoe.dev
+#define pppoe_ifindex proto.pppoe.ifindex
#define pppoe_pa proto.pppoe.pa
#define pppoe_relay proto.pppoe.relay