Commit 1956cc52 authored by Jesper Juhl's avatar Jesper Juhl Committed by David S. Miller
Browse files

ns83820: Avoid bad pointer deref in ns83820_init_one().



In drivers/net/ns83820.c::ns83820_init_one() we dynamically allocate
memory via alloc_etherdev(). We then call PRIV() on the returned storage
which is 'return netdev_priv()'. netdev_priv() takes the pointer it is
passed and adds 'ALIGN(sizeof(struct net_device), NETDEV_ALIGN)' to it and
returns it. Then we test the resulting pointer for NULL, which it is
unlikely to be at this point, and later dereference it. This will go bad
if alloc_etherdev() actually returned NULL.

This patch reworks the code slightly so that we test for a NULL pointer
(and return -ENOMEM) directly after calling alloc_etherdev().
Signed-off-by: default avatarJesper Juhl <jj@chaosbits.net>
Signed-off-by: default avatarBenjamin LaHaise <bcrl@kvack.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 2fdc1c80
...@@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev, ...@@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev,
} }
ndev = alloc_etherdev(sizeof(struct ns83820)); ndev = alloc_etherdev(sizeof(struct ns83820));
dev = PRIV(ndev);
err = -ENOMEM; err = -ENOMEM;
if (!dev) if (!ndev)
goto out; goto out;
dev = PRIV(ndev);
dev->ndev = ndev; dev->ndev = ndev;
spin_lock_init(&dev->rx_info.lock); spin_lock_init(&dev->rx_info.lock);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment