[PATCH 4.19 18/72] 9p: potential NULL dereference

From: Greg Kroah-Hartman
Date: Tue Jul 02 2019 - 04:08:30 EST


[ Upstream commit 72ea0321088df2c41eca8cc6160c24bcceb56ac7 ]

p9_tag_alloc() is supposed to return error pointers, but we accidentally
return a NULL here. It would cause a NULL dereference in the caller.

Link: http://lkml.kernel.org/m/20180926103934.GA14535@mwanda
Fixes: 996d5b4db4b1 ("9p: Use a slab for allocating requests")
Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Signed-off-by: Dominique Martinet <dominique.martinet@xxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
net/9p/client.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/9p/client.c b/net/9p/client.c
index 4becde979462..b615aae5a0f8 100644
--- a/net/9p/client.c
+++ b/net/9p/client.c
@@ -287,7 +287,7 @@ p9_tag_alloc(struct p9_client *c, int8_t type, unsigned int max_size)
int tag;

if (!req)
- return NULL;
+ return ERR_PTR(-ENOMEM);

if (p9_fcall_init(c, &req->tc, alloc_msize))
goto free_req;
--
2.20.1