ns83820: Avoid bad pointer deref in ns83820_init_one().

In drivers/net/ns83820.c::ns83820_init_one() we dynamically allocate memory via alloc_etherdev(). We then call PRIV() on the returned storage which is 'return netdev_priv()'. netdev_priv() takes the pointer it is passed and adds 'ALIGN(sizeof(struct net_device), NETDEV_ALIGN)' to it and returns it. Then we test the resulting pointer for NULL, which it is unlikely to be at this point, and later dereference it. This will go bad if alloc_etherdev() actually returned NULL. This patch reworks the code slightly so that we test for a NULL pointer (and return -ENOMEM) directly after calling alloc_etherdev(). Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Jesper Juhl <jj@chaosbits.net> 2011-01-17 05:24:57 -0500
committer: David S. Miller <davem@davemloft.net> 2011-01-18 19:13:49 -0500
commit: 1956cc52e73984a39252994f0beee458fc0d8909 (patch)
tree: aac01b12ee07ed2f5dd03ffdd77daee08ef85461
parent: 2fdc1c8093255f9da877d7b9ce3f46c2098377dc (diff)
1 files changed, 2 insertions, 3 deletions
diff --git a/drivers/net/ns83820.c b/drivers/net/ns83820.c
index 84134c766f3a..a41b2cf4d917 100644
--- a/drivers/net/ns83820.c
+++ b/drivers/net/ns83820.c
@@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev,
        }
        ndev = alloc_etherdev(sizeof(struct ns83820));
-        dev = PRIV(ndev);
        err = -ENOMEM;
-        if (!dev)
+        if (!ndev)
                goto out;
+        dev = PRIV(ndev);
        dev->ndev = ndev;
        spin_lock_init(&dev->rx_info.lock);
author	Jesper Juhl <jj@chaosbits.net>	2011-01-17 05:24:57 -0500
committer	David S. Miller <davem@davemloft.net>	2011-01-18 19:13:49 -0500
commit	1956cc52e73984a39252994f0beee458fc0d8909 (patch)
tree	aac01b12ee07ed2f5dd03ffdd77daee08ef85461
parent	2fdc1c8093255f9da877d7b9ce3f46c2098377dc (diff)