loop: fix NULL dereference if mount fails

[safe/jmp/linux-2.6] / net / netrom / nr_in.c

diff --git a/net/netrom/nr_in.c b/net/netrom/nr_in.c
index 64b81a7..6817648 100644 (file)
--- a/net/netrom/nr_in.c
+++ b/net/netrom/nr_in.c
@@ -12,7 +12,6 @@
 #include <linux/socket.h>
 #include <linux/in.h>
 #include <linux/kernel.h>
-#include <linux/sched.h>
 #include <linux/timer.h>
 #include <linux/string.h>
 #include <linux/sockios.h>
@@ -52,10 +51,12 @@ static int nr_queue_rx_frame(struct sock *sk, struct sk_buff *skb, int more)
                if ((skbn = alloc_skb(nr->fraglen, GFP_ATOMIC)) == NULL)
                        return 1;
 
-               skbn->h.raw = skbn->data;
+               skb_reset_transport_header(skbn);
 
                while ((skbo = skb_dequeue(&nr->frag_queue)) != NULL) {
-                       memcpy(skb_put(skbn, skbo->len), skbo->data, skbo->len);
+                       skb_copy_from_linear_data(skbo,
+                                                 skb_put(skbn, skbo->len),
+                                                 skbo->len);
                        kfree_skb(skbo);
                }
 
@@ -98,6 +99,11 @@ static int nr_state1_machine(struct sock *sk, struct sk_buff *skb,
                nr_disconnect(sk, ECONNREFUSED);
                break;
 
+       case NR_RESET:
+               if (sysctl_netrom_reset_circuit)
+                       nr_disconnect(sk, ECONNRESET);
+               break;
+
        default:
                break;
        }
@@ -124,6 +130,11 @@ static int nr_state2_machine(struct sock *sk, struct sk_buff *skb,
                nr_disconnect(sk, 0);
                break;
 
+       case NR_RESET:
+               if (sysctl_netrom_reset_circuit)
+                       nr_disconnect(sk, ECONNRESET);
+               break;
+
        default:
                break;
        }
@@ -254,6 +265,11 @@ static int nr_state3_machine(struct sock *sk, struct sk_buff *skb, int frametype
                }
                break;
 
+       case NR_RESET:
+               if (sysctl_netrom_reset_circuit)
+                       nr_disconnect(sk, ECONNRESET);
+               break;
+
        default:
                break;
        }