]> git.ipfire.org Git - thirdparty/linux.git/commit
projects / thirdparty / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 83ab69b) | patch
batman-adv: bla: avoid NULL-ptr deref for claim via dropped interface
authorSven Eckelmann <sven@narfation.org>
Tue, 19 May 2026 07:23:49 +0000 (09:23 +0200)
committerSven Eckelmann <sven@narfation.org>
Tue, 19 May 2026 08:43:54 +0000 (10:43 +0200)
commitf80d3d98d2ff78d9e2fe5d68b1f45948c4f7bd24
tree863a4b286170ff60adbc6a4a1c1884f1108be8d6tree | snapshot
parent83ab69bd12b80f6ea169c8bea6977701b53a043dcommit | diff
batman-adv: bla: avoid NULL-ptr deref for claim via dropped interface

Without rtnl_lock held, a hardif might be retrieved as primary interface of
a meshif, but then (while operating on this interface) getting decoupled
from the mesh interface. In this case, the meshif still exists but the
pointer from the primary hardif to the meshif is set to NULL.

The mesh_iface must be checked first to be non-NULL before continuing to
send an ARP request using meshif.

Cc: stable@kernel.org
Fixes: 23721387c409 ("batman-adv: add basic bridge loop avoidance code")
Reported-by: Ido Schimmel <idosch@nvidia.com>
Reported-by: syzbot+9fdcc9f05a98a540b816@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9fdcc9f05a98a540b816
Signed-off-by: Sven Eckelmann <sven@narfation.org>
net/batman-adv/bridge_loop_avoidance.c diff | blob | blame | history
A mirror of Linus' kernel repository