From: Jesper Juhl Date: Tue, 16 Oct 2007 08:27:51 +0000 (-0700) Subject: fix possible NULL deref on low memory condition in capidrv.c::send_message() X-Git-Tag: firefly_0821_release~25621 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=b1b2e7cf4a9742f61d76fcb419b1fd13159876a5;p=firefly-linux-kernel-4.4.55.git fix possible NULL deref on low memory condition in capidrv.c::send_message() If we fail to allocate an skb in drivers/isdn/capi/capidrv.c::send_message(), then we'll end up dereferencing a NULL pointer. Since out of memory conditions are not unheard of, I believe it is better to print a error message and just return rather than bring down the whole kernel. Sure, doing this may upset some application, but that's still better than crashing the whole system. Signed-off-by: Jesper Juhl Acked-by: Karsten Keil Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/drivers/isdn/capi/capidrv.c b/drivers/isdn/capi/capidrv.c index 23b6f7bc16b7..476012b6dfac 100644 --- a/drivers/isdn/capi/capidrv.c +++ b/drivers/isdn/capi/capidrv.c @@ -506,9 +506,14 @@ static void send_message(capidrv_contr * card, _cmsg * cmsg) { struct sk_buff *skb; size_t len; + capi_cmsg2message(cmsg, cmsg->buf); len = CAPIMSG_LEN(cmsg->buf); skb = alloc_skb(len, GFP_ATOMIC); + if (!skb) { + printk(KERN_ERR "capidrv::send_message: can't allocate mem\n"); + return; + } memcpy(skb_put(skb, len), cmsg->buf, len); if (capi20_put_message(&global.ap, skb) != CAPI_NOERROR) kfree_skb(skb);