From a1b7ab0836a56fa4c9578f88ba1042398d7d9316 Mon Sep 17 00:00:00 2001 From: Jason Wang Date: Sun, 9 Oct 2011 10:56:44 +0800 Subject: ipv6: fix NULL dereference in udp6_ufo_fragment() This patch fixes the issue caused by ef81bb40bf15f350fe865f31fa42f1082772a576 which is a backport of upstream 87c48fa3b4630905f98268dde838ee43626a060c. The problem does not exist in upstream. We do not check whether route is attached before trying to assign ip identification through route dest which lead NULL pointer dereference. This happens when host bridge transmit a packet from guest. This patch changes ipv6_select_ident() to accept in6_addr as its paramter and fix the issue by using the destination address in ipv6 header when no route is attached. Signed-off-by: Jason Wang Acked-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- include/net/ipv6.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include') diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 3b5ac1f..c39121f 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -463,7 +463,7 @@ static inline int ipv6_addr_diff(const struct in6_addr *a1, const struct in6_add return __ipv6_addr_diff(a1, a2, sizeof(struct in6_addr)); } -extern void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt); +extern void ipv6_select_ident(struct frag_hdr *fhdr, struct in6_addr *addr); /* * Prototypes exported by ipv6 -- cgit v1.1