ipv6: move dereference after check in fl_free()
authorDan Carpenter <dan.carpenter@oracle.com>
Thu, 16 Aug 2012 13:15:02 +0000 (16:15 +0300)
committerEric W. Biederman <ebiederm@xmission.com>
Thu, 16 Aug 2012 23:04:42 +0000 (16:04 -0700)
There is a dereference before checking for NULL bug here.  Generally
free() functions should accept NULL pointers.  For example, fl_create()
can pass a NULL pointer to fl_free() on the error path.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
net/ipv6/ip6_flowlabel.c

index c836a6a20a34fb27d8df8766a2a199b12a02fc99..90bbefb579435d3f3c4117f738d38366d0421b33 100644 (file)
@@ -91,12 +91,9 @@ static struct ip6_flowlabel *fl_lookup(struct net *net, __be32 label)
 
 static void fl_free(struct ip6_flowlabel *fl)
 {
-       switch (fl->share) {
-       case IPV6_FL_S_PROCESS:
-               put_pid(fl->owner.pid);
-               break;
-       }
        if (fl) {
+               if (fl->share == IPV6_FL_S_PROCESS)
+                       put_pid(fl->owner.pid);
                release_net(fl->fl_net);
                kfree(fl->opt);
        }