Message ID | 1299660253-4446-1-git-send-email-remi.denis-courmont@nokia.com |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c index 30cc676..4706b77 100644 --- a/net/phonet/af_phonet.c +++ b/net/phonet/af_phonet.c @@ -262,10 +262,9 @@ int pn_skb_send(struct sock *sk, struct sk_buff *skb, else if (phonet_address_lookup(net, daddr) == 0) { dev = phonet_device_get(net); skb->pkt_type = PACKET_LOOPBACK; - } else if (pn_sockaddr_get_object(target) == 0) { + } else if (dst == 0) { /* Resource routing (small race until phonet_rcv()) */ - struct sock *sk = pn_find_sock_by_res(net, - target->spn_resource); + struct sock *sk = pn_find_sock_by_res(net, res); if (sk) { sock_put(sk); dev = phonet_device_get(net);
The previous Phonet patch series introduced per-socket implicit destination (i.e. connect()). In that case, the destination socket address is NULL in the transmit function. However commit a8059512b120362b15424f152b2548fe8b11bd0c ("Phonet: implement per-socket destination/peer address") is incomplete and would trigger a NULL dereference. (Fortunately, the code is not in released kernel, and in fact currently not reachable.) Signed-off-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com> --- net/phonet/af_phonet.c | 5 ++--- 1 files changed, 2 insertions(+), 3 deletions(-)