diff options
author | Florian Zumbiehl <florz@gmx.de> | 2007-03-04 16:03:22 -0800 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2007-03-05 13:25:28 -0800 |
commit | 6f30e1867cb73602c6ed7f97e15a48e0a0c96cde (patch) | |
tree | 4715c38e7555c42b92dbb8cf27afcde68a144cb8 | |
parent | bc5f77434721a84705601e4d448d331c73900759 (diff) | |
download | lwn-6f30e1867cb73602c6ed7f97e15a48e0a0c96cde.tar.gz lwn-6f30e1867cb73602c6ed7f97e15a48e0a0c96cde.zip |
[PPPOE]: Use ifindex instead of device pointer in key lookups.
Otherwise we can potentially try to dereference a NULL device
pointer in some cases.
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/pppoe.c | 11 | ||||
-rw-r--r-- | include/linux/if_pppox.h | 2 |
2 files changed, 8 insertions, 5 deletions
diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c index 86e56f1f2f0b..ebfa2967cd68 100644 --- a/drivers/net/pppoe.c +++ b/drivers/net/pppoe.c @@ -140,7 +140,7 @@ static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int ret = item_hash_table[hash]; - while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex)) + while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex)) ret = ret->next; return ret; @@ -153,7 +153,7 @@ static int __set_item(struct pppox_sock *po) ret = item_hash_table[hash]; while (ret) { - if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_dev->ifindex == po->pppoe_dev->ifindex) + if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex) return -EALREADY; ret = ret->next; @@ -174,7 +174,7 @@ static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifind src = &item_hash_table[hash]; while (ret) { - if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex) { + if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) { *src = ret->next; break; } @@ -529,7 +529,7 @@ static int pppoe_release(struct socket *sock) po = pppox_sk(sk); if (po->pppoe_pa.sid) { - delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_dev->ifindex); + delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_ifindex); } if (po->pppoe_dev) @@ -577,7 +577,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, pppox_unbind_sock(sk); /* Delete the old binding */ - delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_dev->ifindex); + delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex); if(po->pppoe_dev) dev_put(po->pppoe_dev); @@ -597,6 +597,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, goto end; po->pppoe_dev = dev; + po->pppoe_ifindex = dev->ifindex; if (!(dev->flags & IFF_UP)) goto err_put; diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h index 4fab3d0a4bce..e33ee763c052 100644 --- a/include/linux/if_pppox.h +++ b/include/linux/if_pppox.h @@ -114,6 +114,7 @@ struct pppoe_hdr { #ifdef __KERNEL__ struct pppoe_opt { struct net_device *dev; /* device associated with socket*/ + int ifindex; /* ifindex of device associated with socket */ struct pppoe_addr pa; /* what this socket is bound to*/ struct sockaddr_pppox relay; /* what socket data will be relayed to (PPPoE relaying) */ @@ -132,6 +133,7 @@ struct pppox_sock { unsigned short num; }; #define pppoe_dev proto.pppoe.dev +#define pppoe_ifindex proto.pppoe.ifindex #define pppoe_pa proto.pppoe.pa #define pppoe_relay proto.pppoe.relay |