From 42a9b5c6c325231af3f14ba2ad9c28d4f1a8bbd7 Mon Sep 17 00:00:00 2001
From: "Andrew S. Johnson"
Date: Sun, 28 Feb 2021 15:54:56 +0100
Subject: [PATCH] xt_pknock: cure NULL dereference

The original patch for long division on x86 didn't take into account the use of short circuit logic for checking if peer is NULL before testing it. Here is a revised patch to v3.16.
---
 extensions/pknock/xt_pknock.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/extensions/pknock/xt_pknock.c b/extensions/pknock/xt_pknock.c
index 8fc3358..4e8ab2d 100644
--- a/extensions/pknock/xt_pknock.c
+++ b/extensions/pknock/xt_pknock.c
@@ -311,9 +311,13 @@ static void update_rule_gc_timer(struct xt_pknock_rule *rule)
 static inline bool
 autoclose_time_passed(const struct peer *peer, unsigned int autoclose_time)
 {
- unsigned long x = ktime_get_seconds();
- unsigned long y = peer->login_sec + autoclose_time * 60;
- return peer != NULL && autoclose_time != 0 && time_after(x, y);
+ if (peer != NULL) {
+ unsigned long x = ktime_get_seconds();
+ unsigned long y = peer->login_sec + autoclose_time * 60;
+ return autoclose_time != 0 && time_after(x, y);
+ } else {
+ return 0;
+ }
 }
 
 /**
@@ -335,8 +339,12 @@ is_interknock_time_exceeded(const struct peer *peer, unsigned int max_time)
 static inline bool
 has_logged_during_this_minute(const struct peer *peer)
 {
- unsigned long x = ktime_get_seconds(), y = peer->login_sec;
- return peer != NULL && do_div(y, 60) == do_div(x, 60);
+ if (peer != NULL) {
+ unsigned long x = ktime_get_seconds(), y = peer->login_sec;
+ return do_div(y, 60) == do_div(x, 60);
+ } else {
+ return 0;
+ }
 }
 
 /**
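Review bot: In autoclose_time_passed the new body nests the whole computation under `if (peer != NULL) { ... } else { return 0; }` and returns the integer `0` from a `bool` function. A guard clause reads more directly and skips the clock read when autoclose is disabled: `if (peer == NULL || autoclose_time == 0) return false;`, then the two assignments and `return time_after(x, y);`. The same nesting and `return 0` appear in has_logged_during_this_minute in the second hunk. Separately, `autoclose_time * 60` is evaluated in `unsigned int` before the addition, so a very large configured value would wrap and shorten the deadline; whether the rule-parsing code bounds it is not visible here.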
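Review bot: `do_div(y, 60) == do_div(x, 60)` in has_logged_during_this_minute compares remainders, not minutes: `do_div()` stores the quotient in its first argument and returns the remainder, so the test is true whenever both timestamps share the same second-within-the-minute. The patch carries this expression over unchanged from the removed lines. If callers (outside the hunk) rely on this check to reject a knock repeated within the same minute, that window is not enforced as intended. Compare quotients instead, e.g. `return div_u64(y, 60) == div_u64(x, 60);` from `<linux/math64.h>`. Alternatively, declare `x` and `y` as `u64` (`do_div()` expects a 64-bit dividend), call `do_div()` on each, and `return x == y;`.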