From 1058be94c269251bf3e39fa832b121296f347cd0 Mon Sep 17 00:00:00 2001
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
Date: Mon, 8 Jan 2018 11:12:11 +0100
Subject: socket: check for null socket before fishing out sport

Otherwise we could have a null pointer dereference.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
---
 src/socket.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/socket.c b/src/socket.c
index 7de45b9..8eefa87 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -36,13 +36,14 @@ static inline int send4(struct wireguard_device *wg, struct sk_buff *skb, struct
 
 	rcu_read_lock_bh();
 	sock = rcu_dereference_bh(wg->sock4);
-	fl.fl4_sport = inet_sk(sock)->inet_sport;
 
 	if (unlikely(!sock)) {
 		ret = -ENONET;
 		goto err;
 	}
 
+	fl.fl4_sport = inet_sk(sock)->inet_sport;
+
 	if (cache)
 		rt = dst_cache_get_ip4(cache, &fl.saddr);
 
@@ -107,13 +108,14 @@ static inline int send6(struct wireguard_device *wg, struct sk_buff *skb, struct
 
 	rcu_read_lock_bh();
 	sock = rcu_dereference_bh(wg->sock6);
-	fl.fl6_sport = inet_sk(sock)->inet_sport;
 
 	if (unlikely(!sock)) {
 		ret = -ENONET;
 		goto err;
 	}
 
+	fl.fl6_sport = inet_sk(sock)->inet_sport;
+
 	if (cache)
 		dst = dst_cache_get_ip6(cache, &fl.saddr);
 
-- 
cgit v1.2.3