[B.A.T.M.A.N.] Possible null pointer dereference in batman's update_routes

[B.A.T.M.A.N.] Possible null pointer dereference in batman's update_routes

[Sven Eckelmann]

[-- Attachment #1: Type: text/plain, Size: 483 bytes --]

Hi,
I am not sure but I think it could be possible that there is a null pointer 
dereference at batman.c:420
I assume that it is possible that neigh_node is NULL and orig_node->router is 
also NULL in batman.c:412. Now we dereference neigh_node in batman.c:420 as 
third parameter of add_del_route.
I don't know if the third parameter should be set to 0 if neigh_node is NULL 
or if the "if"-statement is wrong - so i will not send a patch this time.

Best regards,
	Sven

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 197 bytes --]

Re: [B.A.T.M.A.N.] Possible null pointer dereference in batman's update_routes

[Marek Lindner]

Hi,

> I am not sure but I think it could be possible that there is a null pointer
> dereference at batman.c:420
> I assume that it is possible that neigh_node is NULL and orig_node->router
> is also NULL in batman.c:412. Now we dereference neigh_node in batman.c:420
> as third parameter of add_del_route.
> I don't know if the third parameter should be set to 0 if neigh_node is
> NULL or if the "if"-statement is wrong - so i will not send a patch this
> time.

this one is a bit tricky (may be we should add a comment there). In line 386 
we prevent that null pointer dereference:

orig_node->router != neigh_node

If both variables are NULL it would fail here.  :-)


Greetings,
Marek