From 6f30e1867cb73602c6ed7f97e15a48e0a0c96cde Mon Sep 17 00:00:00 2001 From: Florian Zumbiehl Date: Sun, 4 Mar 2007 16:03:22 -0800 Subject: [PPPOE]: Use ifindex instead of device pointer in key lookups. Otherwise we can potentially try to dereference a NULL device pointer in some cases. Signed-off-by: David S. Miller --- drivers/net/pppoe.c | 11 ++++++----- include/linux/if_pppox.h | 2 ++ 2 files changed, 8 insertions(+), 5 deletions(-) diff --git a/drivers/net/pppoe.c b/drivers/net/pppoe.c index 86e56f1..ebfa296 100644 --- a/drivers/net/pppoe.c +++ b/drivers/net/pppoe.c @@ -140,7 +140,7 @@ static struct pppox_sock *__get_item(unsigned long sid, unsigned char *addr, int ret = item_hash_table[hash]; - while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex)) + while (ret && !(cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex)) ret = ret->next; return ret; @@ -153,7 +153,7 @@ static int __set_item(struct pppox_sock *po) ret = item_hash_table[hash]; while (ret) { - if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_dev->ifindex == po->pppoe_dev->ifindex) + if (cmp_2_addr(&ret->pppoe_pa, &po->pppoe_pa) && ret->pppoe_ifindex == po->pppoe_ifindex) return -EALREADY; ret = ret->next; @@ -174,7 +174,7 @@ static struct pppox_sock *__delete_item(unsigned long sid, char *addr, int ifind src = &item_hash_table[hash]; while (ret) { - if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_dev->ifindex == ifindex) { + if (cmp_addr(&ret->pppoe_pa, sid, addr) && ret->pppoe_ifindex == ifindex) { *src = ret->next; break; } @@ -529,7 +529,7 @@ static int pppoe_release(struct socket *sock) po = pppox_sk(sk); if (po->pppoe_pa.sid) { - delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_dev->ifindex); + delete_item(po->pppoe_pa.sid, po->pppoe_pa.remote, po->pppoe_ifindex); } if (po->pppoe_dev) @@ -577,7 +577,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, pppox_unbind_sock(sk); /* Delete the old binding */ - delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_dev->ifindex); + delete_item(po->pppoe_pa.sid,po->pppoe_pa.remote,po->pppoe_ifindex); if(po->pppoe_dev) dev_put(po->pppoe_dev); @@ -597,6 +597,7 @@ static int pppoe_connect(struct socket *sock, struct sockaddr *uservaddr, goto end; po->pppoe_dev = dev; + po->pppoe_ifindex = dev->ifindex; if (!(dev->flags & IFF_UP)) goto err_put; diff --git a/include/linux/if_pppox.h b/include/linux/if_pppox.h index 4fab3d0..e33ee76 100644 --- a/include/linux/if_pppox.h +++ b/include/linux/if_pppox.h @@ -114,6 +114,7 @@ struct pppoe_hdr { #ifdef __KERNEL__ struct pppoe_opt { struct net_device *dev; /* device associated with socket*/ + int ifindex; /* ifindex of device associated with socket */ struct pppoe_addr pa; /* what this socket is bound to*/ struct sockaddr_pppox relay; /* what socket data will be relayed to (PPPoE relaying) */ @@ -132,6 +133,7 @@ struct pppox_sock { unsigned short num; }; #define pppoe_dev proto.pppoe.dev +#define pppoe_ifindex proto.pppoe.ifindex #define pppoe_pa proto.pppoe.pa #define pppoe_relay proto.pppoe.relay -- cgit v1.1