Ubuntu
linux-source-2.6.22 package

  1. Bug #130998
  2. Comment #14

Comment 14 for bug 130998

Revision history for this message
Marcus Granado (mrc-gran) wrote :

Why is this bug taking so long to fix? Network team, this problem is very simple to patch! (see heinz's link above):

http://bugzilla.kernel.org/attachment.cgi?id=13190&action=view
From 0b329a4fcff552bbd329c9c90896446170f9f7cb Mon Sep 17 00:00:00 2001
From: John W. Linville <email address hidden>
Date: Wed, 17 Oct 2007 17:07:12 -0400
Subject: [PATCH] zd1201: avoid null ptr access of skb->dev

skb->dev is not set until eth_type_trans is called...

Signed-off-by: John W. Linville <email address hidden>
---
 drivers/net/wireless/zd1201.c | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/drivers/net/wireless/zd1201.c b/drivers/net/wireless/zd1201.c
index 935b144..d5c0c66 100644
--- a/drivers/net/wireless/zd1201.c
+++ b/drivers/net/wireless/zd1201.c
@@ -327,8 +327,8 @@ static void zd1201_usbrx(struct urb *urb)
    memcpy(skb_put(skb, 6), &data[datalen-8], 6);
    memcpy(skb_put(skb, 2), &data[datalen-24], 2);
    memcpy(skb_put(skb, len), data, len);
- skb->dev->last_rx = jiffies;
    skb->protocol = eth_type_trans(skb, zd->dev);
+ skb->dev->last_rx = jiffies;
    zd->stats.rx_packets++;
    zd->stats.rx_bytes += skb->len;
    netif_rx(skb);
@@ -384,8 +384,8 @@ static void zd1201_usbrx(struct urb *urb)
    memcpy(skb_put(skb, 2), &data[6], 2);
    memcpy(skb_put(skb, len), data+8, len);
   }
- skb->dev->last_rx = jiffies;
   skb->protocol = eth_type_trans(skb, zd->dev);
+ skb->dev->last_rx = jiffies;
   zd->stats.rx_packets++;
   zd->stats.rx_bytes += skb->len;
   netif_rx(skb);
--
1.5.2.4