From c5c9c18f84ee2b90e77bae9d7c0c4626a7cc99cb Mon Sep 17 00:00:00 2001
From: Michael Blizek <michi1@michaelblizek.twilightparadox.com>
Date: Sun, 21 Feb 2010 18:40:57 +0100
Subject: [PATCH] invalid conn_id receive crash fix

---
 net/cor/rcv.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/cor/rcv.c b/net/cor/rcv.c
index 6cbfc924065..1ce74db066b 100644
--- a/net/cor/rcv.c
+++ b/net/cor/rcv.c
@@ -175,6 +175,12 @@ static void conn_rcv(struct sk_buff *skb, __u32 conn_id, __u32 seqno)
 	ps->funcstate.rcv2.seqno = seqno;
 
 	ps->rconn = get_conn(ps->funcstate.rcv2.conn_id);
+	
+	if (unlikely(ps->rconn == 0)) {
+		printk(KERN_ERR "unknown conn_id when receiving: %d", conn_id);
+		kfree_skb(skb);
+		return;
+	}
 	_conn_rcv(skb);
 }
 
-- 
2.11.4.GIT