Re: [PATCH] Phonet: Correct header retrieval after pskb_may_pull
From: Rémi Denis-Courmont <hidden>
Date: 2010-09-28 21:24:03
On Tuesday 28 September 2010 12:10:42 ext Kumar A Sanghvi, you wrote:
quoted hunk ↗ jump to hunk
From: Kumar Sanghvi <redacted> Retrieve the header after doing pskb_may_pull since, pskb_may_pull could change the buffer structure. This is based on the comment given by Eric Dumazet on Phonet Pipe controller patch for a similar problem. Signed-off-by: Kumar Sanghvi <redacted> Acked-by: Linus Walleij <redacted> --- net/phonet/pep.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-)diff --git a/net/phonet/pep.c b/net/phonet/pep.c index 7bf23cf..9746c6d 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c@@ -507,12 +507,13 @@ static void pipe_grant_credits(struct sock *sk) static int pipe_rcv_status(struct sock *sk, struct sk_buff *skb) { struct pep_sock *pn = pep_sk(sk); - struct pnpipehdr *hdr = pnp_hdr(skb); + struct pnpipehdr *hdr; int wake = 0; if (!pskb_may_pull(skb, sizeof(*hdr) + 4)) return -EINVAL; + hdr = pnp_hdr(skb); if (hdr->data[0] != PN_PEP_TYPE_COMMON) { LIMIT_NETDEBUG(KERN_DEBUG"Phonet unknown PEP type: %u\n", (unsigned)hdr->data[0]);
Acked-by: Rémi Denis-Courmont <redacted> Thanks! -- Rémi Denis-Courmont Nokia Devices R&D, Maemo Software, Helsinki