On 09/18/2015 04:46 PM, erik.hu...@ericsson.com wrote:
> From: Erik Hugne <erik.hu...@ericsson.com>
>
> The msg pointer into header may change after skb linearization.
> We must reinitialize it after calling skb_linearize to prevent
> operating on a freed or invalid pointer.
>
> Signed-off-by: Erik Hugne <erik.hu...@ericsson.com>
> Reported-by: Tamás Végh <tamas.v...@ericsson.com>
Acked-by: Ying Xue <ying....@windriver.com> > --- > net/tipc/msg.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/tipc/msg.c b/net/tipc/msg.c > index 562c926..c5ac436 100644 > --- a/net/tipc/msg.c > +++ b/net/tipc/msg.c > @@ -539,6 +539,7 @@ bool tipc_msg_lookup_dest(struct net *net, struct sk_buff > *skb, int *err) > *err = -TIPC_ERR_NO_NAME; > if (skb_linearize(skb)) > return false; > + msg = buf_msg(skb); > if (msg_reroute_cnt(msg)) > return false; > dnode = addr_domain(net, msg_lookup_scope(msg));
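
Review bot: The added "msg = buf_msg(skb);" line after the skb_linearize(skb) check has no comment explaining why msg is fetched again, so it reads like a redundant assignment that a later cleanup could remove; a one-line comment above it, noting that skb_linearize() may move the header and msg must be refreshed, would protect the fix. The hunk refreshes only msg, so it is worth confirming that no other pointer into the skb data taken before the linearize call is still used afterwards in tipc_msg_lookup_dest(). The commit message also has no Fixes: tag naming the change that introduced the stale-pointer window, which would help anyone backporting this.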