提交 1956cc52 编写于 作者: J Jesper Juhl 提交者: David S. Miller

ns83820: Avoid bad pointer deref in ns83820_init_one().

In drivers/net/ns83820.c::ns83820_init_one() we dynamically allocate
memory via alloc_etherdev(). We then call PRIV() on the returned storage
which is 'return netdev_priv()'. netdev_priv() takes the pointer it is
passed and adds 'ALIGN(sizeof(struct net_device), NETDEV_ALIGN)' to it and
returns it. Then we test the resulting pointer for NULL, which it is
unlikely to be at this point, and later dereference it. This will go bad
if alloc_etherdev() actually returned NULL.

This patch reworks the code slightly so that we test for a NULL pointer
(and return -ENOMEM) directly after calling alloc_etherdev().
Signed-off-by: NJesper Juhl <jj@chaosbits.net>
Signed-off-by: NBenjamin LaHaise <bcrl@kvack.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
上级 2fdc1c80
...@@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev, ...@@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev,
} }
ndev = alloc_etherdev(sizeof(struct ns83820)); ndev = alloc_etherdev(sizeof(struct ns83820));
dev = PRIV(ndev);
err = -ENOMEM; err = -ENOMEM;
if (!dev) if (!ndev)
goto out; goto out;
dev = PRIV(ndev);
dev->ndev = ndev; dev->ndev = ndev;
spin_lock_init(&dev->rx_info.lock); spin_lock_init(&dev->rx_info.lock);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册