The function chtls_close_conn(), defined in
drivers/crypto/chelsio/chtls/chtls_cm.c, calls alloc_skb() to allocate a
struct sk_buff, which is dereferenced immediately. As alloc_skb() may return
NULL on failure, this code may cause a NULL pointer dereference.
---
drivers/crypto/chelsio/chtls/chtls_cm.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/drivers/crypto/chelsio/chtls/chtls_cm.c
b/drivers/crypto/chelsio/chtls/chtls_cm.c
index 0997e16..0e8eec6 100644
--- a/drivers/crypto/chelsio/chtls/chtls_cm.c
+++ b/drivers/crypto/chelsio/chtls/chtls_cm.c
@@ -267,6 +267,8 @@ static void chtls_close_conn(struct sock *sk)
tid = csk->tid;
skb = alloc_skb(len, GFP_KERNEL | __GFP_NOFAIL);
+ if (!skb)
+ return -ENOMEM;
req = (struct cpl_close_con_req *)__skb_put(skb, len);
memset(req, 0, len);
req->wr.wr_hi = htonl(FW_WR_OP_V(FW_TP_WR) |
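Review bot: The added `return -ENOMEM;` returns a value from a function that the hunk header shows as `static void chtls_close_conn(struct sock *sk)`, so the new branch does not match the signature and the caller has no way to see the error. The allocation on the line above also passes `GFP_KERNEL | __GFP_NOFAIL`, which is documented as retrying rather than failing, so the `if (!skb)` branch looks unreachable as written. If the check is kept for defensive reasons, it would have to be `if (!skb) return;`, with a comment noting that the close request is then never built or sent, which presumably leaves the connection half-closed on the hardware side. Otherwise the simpler fix is to drop the check and add a comment on the allocation such as `/* __GFP_NOFAIL: alloc_skb() does not return NULL here */`. The body of chtls_close_conn() starts and ends outside this hunk, so any cleanup needed on an early return cannot be judged from here.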
--
2.6.4