From: Jesper Juhl Date: Mon, 17 Jan 2011 10:24:57 +0000 (+0000) Subject: ns83820: Avoid bad pointer deref in ns83820_init_one(). X-Git-Tag: firefly_0821_release~7613^2~2412^2~142 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=1956cc52e73984a39252994f0beee458fc0d8909;p=firefly-linux-kernel-4.4.55.git ns83820: Avoid bad pointer deref in ns83820_init_one(). In drivers/net/ns83820.c::ns83820_init_one() we dynamically allocate memory via alloc_etherdev(). We then call PRIV() on the returned storage which is 'return netdev_priv()'. netdev_priv() takes the pointer it is passed and adds 'ALIGN(sizeof(struct net_device), NETDEV_ALIGN)' to it and returns it. Then we test the resulting pointer for NULL, which it is unlikely to be at this point, and later dereference it. This will go bad if alloc_etherdev() actually returned NULL. This patch reworks the code slightly so that we test for a NULL pointer (and return -ENOMEM) directly after calling alloc_etherdev(). Signed-off-by: Jesper Juhl Signed-off-by: Benjamin LaHaise Signed-off-by: David S. Miller --- diff --git a/drivers/net/ns83820.c b/drivers/net/ns83820.c index 84134c766f3a..a41b2cf4d917 100644 --- a/drivers/net/ns83820.c +++ b/drivers/net/ns83820.c @@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev, } ndev = alloc_etherdev(sizeof(struct ns83820)); - dev = PRIV(ndev); - err = -ENOMEM; - if (!dev) + if (!ndev) goto out; + dev = PRIV(ndev); dev->ndev = ndev; spin_lock_init(&dev->rx_info.lock);