diff options
| author | Adrian Bunk <bunk@kernel.org> | 2008-02-19 19:28:54 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2008-02-19 19:28:54 -0500 |
| commit | 94cb1503c799c0197e7ef5bad606fee5c84b99d8 (patch) | |
| tree | db9969ea8bf142e4c4a7621d0bc9382c42537686 | |
| parent | 15e29b8b0542f28fc0feed2d60e0377b39a45c4f (diff) | |
ipv4/fib_hash.c: fix NULL dereference
Unless I miss a guaranteed relation between between "f" and
"new_fa->fa_info" this patch is required for fixing a NULL dereference
introduced by commit a6501e080c318f8d4467679d17807f42b3a33cd5 ("[IPV4]
FIB_HASH: Reduce memory needs and speedup lookups") and spotted by the
Coverity checker.
Eric Dumazet says:
Hum, you are right, kmem_cache_free() doesnt allow a NULL
object, like kfree() does.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | net/ipv4/fib_hash.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c index 76b9c684cccd..8d58d85dfac6 100644 --- a/net/ipv4/fib_hash.c +++ b/net/ipv4/fib_hash.c | |||
| @@ -372,7 +372,8 @@ static struct fib_node *fib_find_node(struct fn_zone *fz, __be32 key) | |||
| 372 | static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | 372 | static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) |
| 373 | { | 373 | { |
| 374 | struct fn_hash *table = (struct fn_hash *) tb->tb_data; | 374 | struct fn_hash *table = (struct fn_hash *) tb->tb_data; |
| 375 | struct fib_node *new_f, *f; | 375 | struct fib_node *new_f = NULL; |
| 376 | struct fib_node *f; | ||
| 376 | struct fib_alias *fa, *new_fa; | 377 | struct fib_alias *fa, *new_fa; |
| 377 | struct fn_zone *fz; | 378 | struct fn_zone *fz; |
| 378 | struct fib_info *fi; | 379 | struct fib_info *fi; |
| @@ -496,7 +497,6 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | |||
| 496 | 497 | ||
| 497 | err = -ENOBUFS; | 498 | err = -ENOBUFS; |
| 498 | 499 | ||
| 499 | new_f = NULL; | ||
| 500 | if (!f) { | 500 | if (!f) { |
| 501 | new_f = kmem_cache_zalloc(fn_hash_kmem, GFP_KERNEL); | 501 | new_f = kmem_cache_zalloc(fn_hash_kmem, GFP_KERNEL); |
| 502 | if (new_f == NULL) | 502 | if (new_f == NULL) |
| @@ -512,7 +512,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | |||
| 512 | if (new_fa->fa_info != NULL) { | 512 | if (new_fa->fa_info != NULL) { |
| 513 | new_fa = kmem_cache_alloc(fn_alias_kmem, GFP_KERNEL); | 513 | new_fa = kmem_cache_alloc(fn_alias_kmem, GFP_KERNEL); |
| 514 | if (new_fa == NULL) | 514 | if (new_fa == NULL) |
| 515 | goto out_free_new_f; | 515 | goto out; |
| 516 | } | 516 | } |
| 517 | new_fa->fa_info = fi; | 517 | new_fa->fa_info = fi; |
| 518 | new_fa->fa_tos = tos; | 518 | new_fa->fa_tos = tos; |
| @@ -540,9 +540,9 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | |||
| 540 | &cfg->fc_nlinfo, 0); | 540 | &cfg->fc_nlinfo, 0); |
| 541 | return 0; | 541 | return 0; |
| 542 | 542 | ||
| 543 | out_free_new_f: | ||
| 544 | kmem_cache_free(fn_hash_kmem, new_f); | ||
| 545 | out: | 543 | out: |
| 544 | if (new_f) | ||
| 545 | kmem_cache_free(fn_hash_kmem, new_f); | ||
| 546 | fib_release_info(fi); | 546 | fib_release_info(fi); |
| 547 | return err; | 547 | return err; |
| 548 | } | 548 | } |