[patch 10/11] fix possible NULL ptr deref in forcedeth

[akpm]

From: Jesper Juhl <[EMAIL PROTECTED]>

There seems to be a possible NULL pointer deref bug in
drivers/net/forcedeth.c::nv_loopback_test().  If dev_alloc_skb() fails, the
next line will call skb_put() with a NULL first argument which it'll then
try to deref - kaboom: a NULL pointer deref.  Found by coverity (#1337).

Signed-off-by: Jesper Juhl <[EMAIL PROTECTED]>
Cc: Ayaz Abdulla <[EMAIL PROTECTED]>
Cc: Manfred Spraul <[EMAIL PROTECTED]>
Cc: Stephen Hemminger <[EMAIL PROTECTED]>
Cc: Jeff Garzik <[EMAIL PROTECTED]>
Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
---

 drivers/net/forcedeth.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff -puN drivers/net/forcedeth.c~fix-possible-null-ptr-deref-in-forcedeth 
drivers/net/forcedeth.c
--- a/drivers/net/forcedeth.c~fix-possible-null-ptr-deref-in-forcedeth
+++ a/drivers/net/forcedeth.c
@@ -3789,6 +3789,12 @@ static int nv_loopback_test(struct net_d
        /* setup packet for tx */
        pkt_len = ETH_DATA_LEN;
        tx_skb = dev_alloc_skb(pkt_len);
+       if (!tx_skb) {
+               printk(KERN_ERR "dev_alloc_skb() failed during loopback test"
+                        " of %s\n", dev->name);
+               ret = 0;
+               goto out;
+       }
        pkt_data = skb_put(tx_skb, pkt_len);
        for (i = 0; i < pkt_len; i++)
                pkt_data[i] = (u8)(i & 0xff);
@@ -3853,7 +3859,7 @@ static int nv_loopback_test(struct net_d
                       tx_skb->end-tx_skb->data,
                       PCI_DMA_TODEVICE);
        dev_kfree_skb_any(tx_skb);
-
+ out:
        /* stop engines */
        nv_stop_rx(dev);
        nv_stop_tx(dev);
_
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html