From: Willem de Bruijn <[email protected]>
Packet sockets may call dev_header_parse with NULL daddr. Make
lowpan_header_ops.create fail.
Fixes: 87a93e4eceb4 ("ieee802154: change needed headroom/tailroom")
Signed-off-by: Willem de Bruijn <[email protected]>
---
Re: function comment on packet socket address length: that is (now)
verified to be at least dev->addr_len.
It is customary to return -header_len on failure in .create(), but
not sure what that would be here, and any negative value is treated
the same by callers, so returning -EINVAL.
Is the return 0 on !ETH_P_IPV6 intentional, or should that also be
negative?
---
net/ieee802154/6lowpan/tx.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ieee802154/6lowpan/tx.c b/net/ieee802154/6lowpan/tx.c
index ca53efa17be1..8bec827081cd 100644
--- a/net/ieee802154/6lowpan/tx.c
+++ b/net/ieee802154/6lowpan/tx.c
@@ -48,6 +48,9 @@ int lowpan_header_create(struct sk_buff *skb, struct
net_device *ldev,
const struct ipv6hdr *hdr = ipv6_hdr(skb);
struct neighbour *n;
+ if (!daddr)
+ return -EINVAL;
+
/* TODO:
* if this package isn't ipv6 one, where should it be routed?
*/
--
2.20.1.415.g653613c723-goog
