ip: fix error handling in ip_finish_output2() __neigh_create() returns either a pointer to struct neighbour or PTR_ERR(). But the caller expects it to return either a pointer or NULL. Replace the NULL check with IS_ERR() check. The bug was introduced in a263b3093641fb1ec377582c90986a7fd0625184 ("ipv4: Make neigh lookups directly in output packet path."). Signed-off-by: Vasily Kulikov <segoon@openwall.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: 9871f1ad677d95ffeca80e2c21b70af9bfc9cc91 [log] [tgz]
author: Vasiliy Kulikov <segoon@openwall.com> Mon Aug 06 03:55:29 2012 +0000
committer: David S. Miller <davem@davemloft.net> Mon Aug 06 13:30:01 2012 -0700
tree: 85e0fc87c1df524a936d2c0d61a86bd9f994c760
parent: 91d27a8650d5359a7a320daeb35b88cdea15e3a8 [diff]
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index ba39a52..76dde25 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c

@@ -197,7 +197,7 @@
 	neigh = __ipv4_neigh_lookup_noref(dev, nexthop);
 	if (unlikely(!neigh))
 		neigh = __neigh_create(&arp_tbl, &nexthop, dev, false);
-	if (neigh) {
+	if (!IS_ERR(neigh)) {
 		int res = dst_neigh_output(dst, neigh, skb);
 
 		rcu_read_unlock_bh();
commit	9871f1ad677d95ffeca80e2c21b70af9bfc9cc91	[log] [tgz]
author	Vasiliy Kulikov <segoon@openwall.com>	Mon Aug 06 03:55:29 2012 +0000
committer	David S. Miller <davem@davemloft.net>	Mon Aug 06 13:30:01 2012 -0700
tree	85e0fc87c1df524a936d2c0d61a86bd9f994c760
parent	91d27a8650d5359a7a320daeb35b88cdea15e3a8 [diff]