提交 b1b2e7cf 编写于 作者: J Jesper Juhl 提交者: Linus Torvalds

fix possible NULL deref on low memory condition in capidrv.c::send_message()

If we fail to allocate an skb in
drivers/isdn/capi/capidrv.c::send_message(), then we'll end up
dereferencing a NULL pointer.
Since out of memory conditions are not unheard of, I believe it
is better to print a error message and just return rather than
bring down the whole kernel.
Sure, doing this may upset some application, but that's still
better than crashing the whole system.
Signed-off-by: NJesper Juhl <jesper.juhl@gmail.com>
Acked-by: NKarsten Keil <kkeil@suse.de>
Signed-off-by: NAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: NLinus Torvalds <torvalds@linux-foundation.org>
上级 4e3dfaca
...@@ -506,9 +506,14 @@ static void send_message(capidrv_contr * card, _cmsg * cmsg) ...@@ -506,9 +506,14 @@ static void send_message(capidrv_contr * card, _cmsg * cmsg)
{ {
struct sk_buff *skb; struct sk_buff *skb;
size_t len; size_t len;
capi_cmsg2message(cmsg, cmsg->buf); capi_cmsg2message(cmsg, cmsg->buf);
len = CAPIMSG_LEN(cmsg->buf); len = CAPIMSG_LEN(cmsg->buf);
skb = alloc_skb(len, GFP_ATOMIC); skb = alloc_skb(len, GFP_ATOMIC);
if (!skb) {
printk(KERN_ERR "capidrv::send_message: can't allocate mem\n");
return;
}
memcpy(skb_put(skb, len), cmsg->buf, len); memcpy(skb_put(skb, len), cmsg->buf, len);
if (capi20_put_message(&global.ap, skb) != CAPI_NOERROR) if (capi20_put_message(&global.ap, skb) != CAPI_NOERROR)
kfree_skb(skb); kfree_skb(skb);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册