summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJesper Juhl <jesper.juhl@gmail.com>2006-12-08 11:39:34 +0100
committerLinus Torvalds <torvalds@woody.osdl.org>2006-12-08 17:29:01 +0100
commitf6e2cdc8aa395ea813603bfd81b70b5c461a8ebf (patch)
treecc6c66b9b53bfd313114c4b464223bef992449b4
parent[PATCH] isdn: fix missing unregister_capi_driver (diff)
downloadlinux-f6e2cdc8aa395ea813603bfd81b70b5c461a8ebf.tar.xz
linux-f6e2cdc8aa395ea813603bfd81b70b5c461a8ebf.zip
[PATCH] ISDN: Avoid a potential NULL ptr deref in ippp
There's a potential problem in isdn_ppp.c::isdn_ppp_decompress(). dev_alloc_skb() may fail and return NULL. If it does we will be passing a NULL skb_out to ipc->decompress() and may also end up dereferencing a NULL pointer at *proto = isdn_ppp_strip_proto(skb_out); Correct this by testing 'skb_out' against NULL early and bail out. Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com> Cc: Karsten Keil <kkeil@suse.de> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r--drivers/isdn/i4l/isdn_ppp.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index 175199088bf4..26e46720fc1c 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
@@ -2536,6 +2536,11 @@ static struct sk_buff *isdn_ppp_decompress(struct sk_buff *skb,struct ippp_struc
rsparm.maxdlen = IPPP_RESET_MAXDATABYTES;
skb_out = dev_alloc_skb(is->mru + PPP_HDRLEN);
+ if (!skb_out) {
+ kfree_skb(skb);
+ printk(KERN_ERR "ippp: decomp memory allocation failure\n");
+ return NULL;
+ }
len = ipc->decompress(stat, skb, skb_out, &rsparm);
kfree_skb(skb);
if (len <= 0) {