From 0aa7fabbd5d9da1f8a8fdc3e2837c532bcfa5664 Mon Sep 17 00:00:00 2001 From: Bob Copeland Date: Fri, 18 Mar 2016 22:11:28 -0400 Subject: [PATCH] mac80211: mesh: handle failed alloc for rmc cache In the unlikely case that mesh_rmc_init() fails with -ENOMEM, the rmc pointer will be left as NULL but the interface is still operational because ieee80211_mesh_init_sdata() is not allowed to fail. If this happens, we would blindly dereference rmc when checking whether a multicast frame is in the cache. Instead just drop the frames in the forwarding path. Signed-off-by: Bob Copeland Signed-off-by: Johannes Berg --- net/mac80211/mesh.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/mac80211/mesh.c b/net/mac80211/mesh.c index a216c439b6f2..d0d8eeaa8129 100644 --- a/net/mac80211/mesh.c +++ b/net/mac80211/mesh.c @@ -220,6 +220,9 @@ int mesh_rmc_check(struct ieee80211_sub_if_data *sdata, u8 idx; struct rmc_entry *p, *n; + if (!rmc) + return -1; + /* Don't care about endianness since only match matters */ memcpy(&seqnum, &mesh_hdr->seqnum, sizeof(mesh_hdr->seqnum)); idx = le32_to_cpu(mesh_hdr->seqnum) & rmc->idx_mask;