From: Jesper Juhl Date: Fri, 17 Aug 2012 10:33:12 +0000 (+0000) Subject: caif: Do not dereference NULL in chnl_recv_cb() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=d92c7f8aabae913de16eb855b19cd2002c341896;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git caif: Do not dereference NULL in chnl_recv_cb() In net/caif/chnl_net.c::chnl_recv_cb() we call skb_header_pointer() which may return NULL, but we do not check for a NULL pointer before dereferencing it. This patch adds such a NULL check and properly free's allocated memory and return an error (-EINVAL) on failure - much better than crashing.. Signed-off-by: Jesper Juhl Acked-by: Sjur Brændeland Signed-off-by: David S. Miller --- diff --git a/net/caif/chnl_net.c b/net/caif/chnl_net.c index 69771c04ba8f..e597733affb8 100644 --- a/net/caif/chnl_net.c +++ b/net/caif/chnl_net.c @@ -94,6 +94,10 @@ static int chnl_recv_cb(struct cflayer *layr, struct cfpkt *pkt) /* check the version of IP */ ip_version = skb_header_pointer(skb, 0, 1, &buf); + if (!ip_version) { + kfree_skb(skb); + return -EINVAL; + } switch (*ip_version >> 4) { case 4: