tipc: fix dereference before check warning

This fixes the following Smatch warning: net/tipc/link.c:2364 tipc_link_recv_fragment() warn: variable dereferenced before check '*head' (see line 2361) A null pointer might be passed to skb_try_coalesce if a malicious sender injects orphan fragments on a link. Signed-off-by: N Erik Hugne <erik.hugne@ericsson.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

tipc: fix dereference before check warning
This fixes the following Smatch warning: net/tipc/link.c:2364 tipc_link_recv_fragment() warn: variable dereferenced before check '*head' (see line 2361) A null pointer might be passed to skb_try_coalesce if a malicious sender injects orphan fragments on a link. Signed-off-by: N Erik Hugne <erik.hugne@ericsson.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
3db0a197 · Erik Hugne · David S. Miller · c9e90429 · 3db0a197
隐藏空白更改
内联并排

Showing with 2 addition and 1 deletion

net/tipc/link.c net/tipc/link.c +2 -1

未找到文件。
--- a/net/tipc/link.c
+++ b/net/tipc/link.c
@@ -2358,7 +2358,8 @@ int tipc_link_recv_fragment(struct sk_buff **head, struct sk_buff **tail,
 		*head = frag;
 		skb_frag_list_init(*head);
 		return 0;
-	} else if (skb_try_coalesce(*head, frag, &headstolen, &delta)) {
+	} else if (*head &&
+		   skb_try_coalesce(*head, frag, &headstolen, &delta)) {
 		kfree_skb_partial(frag, headstolen);
 	} else {
 		if (!*head)