+From 9f1fb6914d66e282c2b1f51aa2d4a231c84df84d Mon Sep 17 00:00:00 2001
+From: Pau Koning <paukoning@gmail.com>
+Date: Fri, 15 Feb 2013 00:18:56 +0100
+Subject: [PATCH 4/4] batman-adv: Fix NULL pointer dereference in DAT hash
+ collision avoidance
+
+An entry in DAT with the hashed position of 0 can cause a NULL pointer
+dereference when the first entry is checked by batadv_choose_next_candidate.
+This first candidate automatically has the max value of 0 and the max_orig_node
+of NULL. Not checking max_orig_node for NULL in batadv_is_orig_node_eligible
+will lead to a NULL pointer dereference when checking for the lowest address.
+
+This problem was added in 785ea1144182c341b8b85b0f8180291839d176a8
+("batman-adv: Distributed ARP Table - create DHT helper functions").
+
+Signed-off-by: Pau Koning <paukoning@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
+---
+ distributed-arp-table.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/distributed-arp-table.c b/distributed-arp-table.c
+index ea0bd31..761a590 100644
+--- a/distributed-arp-table.c
++++ b/distributed-arp-table.c
+@@ -440,7 +440,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res,
+ /* this is an hash collision with the temporary selected node. Choose
+ * the one with the lowest address
+ */
+- if ((tmp_max == max) &&
++ if ((tmp_max == max) && max_orig_node &&
+ (batadv_compare_eth(candidate->orig, max_orig_node->orig) > 0))
+ goto out;
+
+--
+1.7.10.4
+