can: bcm: check for null sk before deferencing it via the call to sock_net

The assignment of net via call sock_net will dereference sk. This
is performed before a sanity null check on sk, so there could be
a potential null dereference on the sock_net call if sk is null.
Fix this by assigning net after the sk null check. Also replace
the sk == NULL with the more usual !sk idiom.

Detected by CoverityScan CID#1431862 ("Dereference before null check")

Fixes: 384317ef4187 ("can: network namespace support for CAN_BCM protocol")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

diff --git a/net/can/bcm.c b/net/can/bcm.c
index 47a8748d953afbf460238804d3d7d3d8b087f474..13690334efa31b978cff2ed6432af626f00cab76 100644 (file)
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1493,13 +1493,14 @@ static int bcm_init(struct sock *sk)
 static int bcm_release(struct socket *sock)
 {
        struct sock *sk = sock->sk;
-       struct net *net = sock_net(sk);
+       struct net *net;
        struct bcm_sock *bo;
        struct bcm_op *op, *next;
 
-       if (sk == NULL)
+       if (!sk)
                return 0;
 
+       net = sock_net(sk);
        bo = bcm_sk(sk);
 
        /* remove bcm_ops, timer, rx_unregister(), etc. */