authorJason A. Donenfeld <Jason@zx2c4.com>2018-01-08 11:12:11 +0100
committerJason A. Donenfeld <Jason@zx2c4.com>2018-01-08 11:12:48 +0100
commit6fcd86c479758f031deebe9bb652f1cf51a54043 (patch)
treec66fbf6e1f0a4f73e63af756b68ad91c2b1d11d0
parentglobal: year bump (diff)
downloadwireguard-monolithic-historical-6fcd86c479758f031deebe9bb652f1cf51a54043.tar.xz
wireguard-monolithic-historical-6fcd86c479758f031deebe9bb652f1cf51a54043.zip
socket: check for null socket before fishing out sport
Otherwise we could have a null pointer dereference.
-rw-r--r--src/socket.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/src/socket.c b/src/socket.c
index 7de45b9..8eefa87 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -36,13 +36,14 @@ static inline int send4(struct wireguard_device *wg, struct sk_buff *skb, struct
rcu_read_lock_bh();
sock = rcu_dereference_bh(wg->sock4);
- fl.fl4_sport = inet_sk(sock)->inet_sport;
if (unlikely(!sock)) {
ret = -ENONET;
goto err;
}
+ fl.fl4_sport = inet_sk(sock)->inet_sport;
+
if (cache)
rt = dst_cache_get_ip4(cache, &fl.saddr);
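Review bot: Nothing at the null check in send4 records why `sock` can be NULL or that every use of it must stay below the check, which is the ordering mistake this commit repairs. A short comment above `if (unlikely(!sock))`, such as `/* wg->sock4 is RCU-published and may be NULL; do not touch sock above this check */`, would guard against the same regression. The same applies to the `wg->sock6` check in the send6 hunk. Both functions start and end outside the hunks, so the `err` path is not visible here; it is worth confirming in the full function that it drops the lock taken by `rcu_read_lock_bh()`.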
@@ -107,13 +108,14 @@ static inline int send6(struct wireguard_device *wg, struct sk_buff *skb, struct
rcu_read_lock_bh();
sock = rcu_dereference_bh(wg->sock6);
- fl.fl6_sport = inet_sk(sock)->inet_sport;
if (unlikely(!sock)) {
ret = -ENONET;
goto err;
}
+ fl.fl6_sport = inet_sk(sock)->inet_sport;
+
if (cache)
dst = dst_cache_get_ip6(cache, &fl.saddr);