From: Kumar Sanghvi <[email protected]> commit a91e7d471e2e384035b9746ea707ccdcd353f5dd upstream.
Retrieve the header after doing pskb_may_pull since, pskb_may_pull could change the buffer structure. This is based on the comment given by Eric Dumazet on Phonet Pipe controller patch for a similar problem. Signed-off-by: Kumar Sanghvi <[email protected]> Acked-by: Linus Walleij <[email protected]> Acked-by: Eric Dumazet <[email protected]> Acked-by: RĂ©mi Denis-Courmont <[email protected]> Signed-off-by: David S. Miller <[email protected]> Signed-off-by: Paul Gortmaker <[email protected]> --- net/phonet/pep.c | 3 ++- 1 files changed, 2 insertions(+), 1 deletions(-) diff --git a/net/phonet/pep.c b/net/phonet/pep.c index e2a9576..dc1e8ae 100644 --- a/net/phonet/pep.c +++ b/net/phonet/pep.c @@ -225,12 +225,13 @@ static void pipe_grant_credits(struct sock *sk) static int pipe_rcv_status(struct sock *sk, struct sk_buff *skb) { struct pep_sock *pn = pep_sk(sk); - struct pnpipehdr *hdr = pnp_hdr(skb); + struct pnpipehdr *hdr; int wake = 0; if (!pskb_may_pull(skb, sizeof(*hdr) + 4)) return -EINVAL; + hdr = pnp_hdr(skb); if (hdr->data[0] != PN_PEP_TYPE_COMMON) { LIMIT_NETDEBUG(KERN_DEBUG"Phonet unknown PEP type: %u\n", (unsigned)hdr->data[0]); -- 1.7.3.3 _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
