From: Antonio Quartulli <a@unstable.cc>
To: The list for a Better Approach To Mobile Ad-hoc Networking
<b.a.t.m.a.n@lists.open-mesh.org>
Subject: Re: [B.A.T.M.A.N.] [PATCH maint] batman-adv: Fix double neigh_node_put in batadv_v_ogm_route_update
Date: Sat, 7 May 2016 17:15:14 +0800 [thread overview]
Message-ID: <20160507091514.GC3907@prodigo.lan> (raw)
In-Reply-To: <1656407.PytZZyZNAi@sven-edge>
[-- Attachment #1: Type: text/plain, Size: 1896 bytes --]
On Sat, May 07, 2016 at 09:03:13AM +0200, Sven Eckelmann wrote:
> On Friday 06 May 2016 22:27:09 Sven Eckelmann wrote:
> > The router is put down twice when it was non-NULL and either orig_ifinfo is
> > NULL afterwards or batman-adv receives a packet with the same sequence
> > number. This will end up in a use-after-free when the batadv_neigh_node is
> > removed because the reference counter ended up too early at 0.
> >
> > Fixes: 667996ebeab4 ("batman-adv: OGMv2 - implement originators logic")
> > Signed-off-by: Sven Eckelmann <sven@narfation.org>
> [...]
>
> There is a conflict with master. I hope that Antonio can share how it can be
> resolved when he submits following remaining fixes to David:
>
> * batman-adv: Fix integer overflow in batadv_iv_ogm_calc_tq
> * batman-adv: Avoid duplicate neigh_node additions
> * batman-adv: make sure ELP/OGM orig MAC is updated on address change
> * batman-adv: Fix unexpected free of bcast_own on add_if error
> * batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob
> * batman-adv: Fix refcnt leak in batadv_v_neigh_*
> * batman-adv: Fix double neigh_node_put in batadv_v_ogm_route_update
>
> The solution for the merge conflict with master is:
>
> --- a/net/batman-adv/bat_v_ogm.c
> +++ b/net/batman-adv/bat_v_ogm.c
> @@ -510,17 +510,10 @@
> goto out;
> }
>
> -<<<<<<<
> /* Mark the OGM to be considered for forwarding, and update routes
> * if needed.
> */
> forward = true;
> -=======
> - if (router) {
> - batadv_neigh_node_put(router);
> - router = NULL;
> - }
> ->>>>>>>
>
> batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
> "Searching and updating originator entry of received packet\n");
Thanks a lot for this.
Cheers,
--
Antonio Quartulli
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2016-05-07 9:15 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-05-06 20:27 [B.A.T.M.A.N.] [PATCH maint] batman-adv: Fix double neigh_node_put in batadv_v_ogm_route_update Sven Eckelmann
2016-05-07 7:03 ` Sven Eckelmann
2016-05-07 9:15 ` Antonio Quartulli [this message]
2016-05-07 9:33 ` Antonio Quartulli
2016-05-07 12:07 ` Marek Lindner
2016-05-07 12:29 ` [B.A.T.M.A.N.] no able to switch routing algo to V ? contact
2016-05-07 13:14 ` Sven Eckelmann
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160507091514.GC3907@prodigo.lan \
--to=a@unstable.cc \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.