Hi,
This patch fixes potential null pointer dereference (I never experiment
such crash).
The patch is made for net-2.6.17.
Regards,
Jean-Mickael
Signed-off-by: [EMAIL PROTECTED]
--
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 8df9eb9..8393f45 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -716,16 +716,18 @@ static void ipv6_del_addr(struct inet6_i
ipv6_addr_prefix(&prefix, &ifp->addr, ifp->prefix_len);
rt = rt6_lookup(&prefix, NULL, ifp->idev->dev->ifindex, 1);
- if (rt && ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) ==
0)) {
- if (onlink == 0) {
- ip6_del_rt(rt, NULL, NULL, NULL);
- rt = NULL;
- } else if (!(rt->rt6i_flags & RTF_EXPIRES)) {
- rt->rt6i_expires = expires;
- rt->rt6i_flags |= RTF_EXPIRES;
+ if (rt) {
+ if ((rt->rt6i_flags & (RTF_GATEWAY | RTF_DEFAULT)) ==
0) {
+ if (onlink == 0) {
+ ip6_del_rt(rt, NULL, NULL, NULL);
+ rt = NULL;
+ } else if (!(rt->rt6i_flags & RTF_EXPIRES)) {
+ rt->rt6i_expires = expires;
+ rt->rt6i_flags |= RTF_EXPIRES;
+ }
}
+ dst_release(&rt->u.dst);
}
- dst_release(&rt->u.dst);
}
in6_ifa_put(ifp);
