From: Patrick McHardy Date: Tue, 5 Dec 2006 21:46:13 +0000 (-0800) Subject: [NET_SCHED]: cls_fw: fix NULL pointer dereference X-Git-Tag: firefly_0821_release~31885^2~14^2~15^2~21 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=5c804bfdcca2593422dd6edc2d7db4dba645543c;p=firefly-linux-kernel-4.4.55.git [NET_SCHED]: cls_fw: fix NULL pointer dereference When the first fw classifier is initialized, there is a small window between the ->init() and ->change() calls, during which the classifier is active but not entirely set up and tp->root is still NULL (->init() does nothing). When a packet is queued during this window a NULL pointer dereference occurs in fw_classify() when trying to dereference head->mask; Signed-off-by: Patrick McHardy Signed-off-by: David S. Miller --- diff --git a/net/sched/cls_fw.c b/net/sched/cls_fw.c index f59a2c4aa039..c797d6ada7de 100644 --- a/net/sched/cls_fw.c +++ b/net/sched/cls_fw.c @@ -101,9 +101,10 @@ static int fw_classify(struct sk_buff *skb, struct tcf_proto *tp, struct fw_head *head = (struct fw_head*)tp->root; struct fw_filter *f; int r; - u32 id = skb->mark & head->mask; + u32 id = skb->mark; if (head != NULL) { + id &= head->mask; for (f=head->ht[fw_hash(id)]; f; f=f->next) { if (f->id == id) { *res = f->res;