diff mbox

Don't potentially dereference NULL in net/dcb/dcbnl.c:dcbnl_getapp()

Message ID alpine.LNX.2.00.1102102253230.8012@swampdragon.chaosbits.net
State Accepted, archived
Delegated to: David Miller
Headers show

Commit Message

Jesper Juhl Feb. 10, 2011, 9:57 p.m. UTC 
nla_nest_start() may return NULL. If it does then we'll blow up in 
nla_nest_end() when we dereference the pointer.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
---
 dcbnl.c |    3 +++
 1 file changed, 3 insertions(+)

  only compile tested.

Comments

David Miller Feb. 13, 2011, 7:21 p.m. UTC | #1 
From: Jesper Juhl <jj@chaosbits.net>
Date: Thu, 10 Feb 2011 22:57:16 +0100 (CET)

> nla_nest_start() may return NULL. If it does then we'll blow up in 
> nla_nest_end() when we dereference the pointer.
> 
> Signed-off-by: Jesper Juhl <jj@chaosbits.net>

Applied.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
diff mbox

Patch

diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 6b03f56..13cdc30 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -626,6 +626,9 @@  static int dcbnl_getapp(struct net_device *netdev, struct nlattr **tb,
 	dcb->cmd = DCB_CMD_GAPP;
 
 	app_nest = nla_nest_start(dcbnl_skb, DCB_ATTR_APP);
+	if (!app_nest)
+		goto out_cancel;
+
 	ret = nla_put_u8(dcbnl_skb, DCB_APP_ATTR_IDTYPE, idtype);
 	if (ret)
 		goto out_cancel;