Re: [PATCH] ISDN: Avoid a potential NULL ptr deref in ippp

From: David Rientjes
Date: Mon Oct 30 2006 - 17:20:31 EST

Next message: David Rientjes: "[PATCH] net s2io: return on NULL dev_alloc_skb()"
Previous message: Lee Revell: "Re: Linux Freezes during disk IO on Asus M2NPV-VM nVidia chipset -raid 0 related?"
In reply to: Jesper Juhl: "[PATCH] ISDN: Avoid a potential NULL ptr deref in ippp"
Next in thread: David Rientjes: "[PATCH] drivers cris: return on NULL dev_alloc_skb()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 30 Oct 2006, Jesper Juhl wrote:

>
> There's a potential problem in isdn_ppp.c::isdn_ppp_decompress().
> dev_alloc_skb() may fail and return NULL. If it does we will be passing a
> NULL skb_out to ipc->decompress() and may also end up
> dereferencing a NULL pointer at
> *proto = isdn_ppp_strip_proto(skb_out);
> Correct this by testing 'skb_out' against NULL early and bail out.
>

Good catch. There's also been a potential NULL pointer on
etrax_ethernet_init in drivers/net/cris/eth_v10.c. RxDescList[i].skb
calls dev_alloc_skb and does not check its return value before
dereferencing it for the RxDescList[i].descr.buf virt_to_phys conversion.

(Mikael Starvik Cc'd)

David
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: David Rientjes: "[PATCH] net s2io: return on NULL dev_alloc_skb()"
Previous message: Lee Revell: "Re: Linux Freezes during disk IO on Asus M2NPV-VM nVidia chipset -raid 0 related?"
In reply to: Jesper Juhl: "[PATCH] ISDN: Avoid a potential NULL ptr deref in ippp"
Next in thread: David Rientjes: "[PATCH] drivers cris: return on NULL dev_alloc_skb()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]