[PATCH] orinoco: possible null pointer dereference in orinoco_rx_monitor()

From: Florin Malita
Date: Sat May 20 2006 - 15:23:30 EST

Next message: Alan Stern: "Efficient media-not-present detection"
Previous message: Iva: "done Capsuules for Pennis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

If the skb allocation fails, the current error path calls
dev_kfree_skb_irq() with a NULL argument. Also, 'err' is not being used.

Coverity CID: 275.

Signed-off-by: Florin Malita <fmalita@xxxxxxxxx>
---

diff --git a/drivers/net/wireless/orinoco.c b/drivers/net/wireless/orinoco.c
index 06523e2..c2d0b09 100644
--- a/drivers/net/wireless/orinoco.c
+++ b/drivers/net/wireless/orinoco.c
@@ -812,7 +812,6 @@ static void orinoco_rx_monitor(struct ne
if (datalen > IEEE80211_DATA_LEN + 12) {
printk(KERN_DEBUG "%s: oversized monitor frame, "
"data length = %d\n", dev->name, datalen);
- err = -EIO;
stats->rx_length_errors++;
goto update_stats;
}
@@ -821,8 +820,7 @@ static void orinoco_rx_monitor(struct ne
if (!skb) {
printk(KERN_WARNING "%s: Cannot allocate skb for monitor frame\n",
dev->name);
- err = -ENOMEM;
- goto drop;
+ goto update_stats;
}

/* Copy the 802.11 header to the skb */

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Alan Stern: "Efficient media-not-present detection"
Previous message: Iva: "done Capsuules for Pennis"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]