Commit 4e3ae001 authored by Erik Hugne's avatar Erik Hugne Committed by David S. Miller

tipc: reinitialize pointer after skb linearize

The msg pointer into header may change after skb linearization.
We must reinitialize it after calling skb_linearize to prevent
operating on a freed or invalid pointer.
Signed-off-by: default avatarErik Hugne <erik.hugne@ericsson.com>
Reported-by: default avatarTamás Végh <tamas.vegh@ericsson.com>
Acked-by: default avatarYing Xue <ying.xue@windriver.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent aab0c0e6
...@@ -539,6 +539,7 @@ bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err) ...@@ -539,6 +539,7 @@ bool tipc_msg_lookup_dest(struct net *net, struct sk_buff *skb, int *err)
*err = -TIPC_ERR_NO_NAME; *err = -TIPC_ERR_NO_NAME;
if (skb_linearize(skb)) if (skb_linearize(skb))
return false; return false;
msg = buf_msg(skb);
if (msg_reroute_cnt(msg)) if (msg_reroute_cnt(msg))
return false; return false;
dnode = addr_domain(net, msg_lookup_scope(msg)); dnode = addr_domain(net, msg_lookup_scope(msg));
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment