xt_pknock: cure NULL dereference

The original patch for long division on x86 didn't take into account
the use of short circuit logic for checking if peer is NULL before
testing it. Here is a revised patch to v3.16.

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index 8fc3358b0f9f581f1115a1afe5c60f2a211aa57c..4e8ab2d188a5149ce772edcaadbfb419638ba827 100644 (file)
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -311,9 +311,13 @@ static void update_rule_gc_timer(struct xt_pknock_rule *rule)
 static inline bool
 autoclose_time_passed(const struct peer *peer, unsigned int autoclose_time)
 {
-       unsigned long x = ktime_get_seconds();
-       unsigned long y = peer->login_sec + autoclose_time * 60;
-       return peer != NULL && autoclose_time != 0 && time_after(x, y);
+       if (peer != NULL) {
+               unsigned long x = ktime_get_seconds();
+               unsigned long y = peer->login_sec + autoclose_time * 60;
+               return autoclose_time != 0 && time_after(x, y);
+       } else {
+               return 0;
+       }
 }
 
 /**
@@ -335,8 +339,12 @@ is_interknock_time_exceeded(const struct peer *peer, unsigned int max_time)
 static inline bool
 has_logged_during_this_minute(const struct peer *peer)
 {
-       unsigned long x = ktime_get_seconds(), y = peer->login_sec;
-       return peer != NULL && do_div(y, 60) == do_div(x, 60);
+       if (peer != NULL) {
+               unsigned long x = ktime_get_seconds(), y = peer->login_sec;
+               return do_div(y, 60) == do_div(x, 60);
+       } else {
+               return 0;
+       }
 }
 
 /**