diff options
author | Jesper Juhl <jesper.juhl@gmail.com> | 2007-10-16 04:27:51 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-10-16 12:43:10 -0400 |
commit | b1b2e7cf4a9742f61d76fcb419b1fd13159876a5 (patch) | |
tree | da6855dbf5d1216e53d7ab27b7a2b1cce6a36a1b /drivers/isdn | |
parent | 4e3dfacaa0b8e469f412ae776f222102042d7e24 (diff) |
fix possible NULL deref on low memory condition in capidrv.c::send_message()
If we fail to allocate an skb in
drivers/isdn/capi/capidrv.c::send_message(), then we'll end up
dereferencing a NULL pointer.
Since out of memory conditions are not unheard of, I believe it
is better to print a error message and just return rather than
bring down the whole kernel.
Sure, doing this may upset some application, but that's still
better than crashing the whole system.
Signed-off-by: Jesper Juhl <jesper.juhl@gmail.com>
Acked-by: Karsten Keil <kkeil@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'drivers/isdn')
-rw-r--r-- | drivers/isdn/capi/capidrv.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/drivers/isdn/capi/capidrv.c b/drivers/isdn/capi/capidrv.c index 23b6f7bc16b7..476012b6dfac 100644 --- a/drivers/isdn/capi/capidrv.c +++ b/drivers/isdn/capi/capidrv.c | |||
@@ -506,9 +506,14 @@ static void send_message(capidrv_contr * card, _cmsg * cmsg) | |||
506 | { | 506 | { |
507 | struct sk_buff *skb; | 507 | struct sk_buff *skb; |
508 | size_t len; | 508 | size_t len; |
509 | |||
509 | capi_cmsg2message(cmsg, cmsg->buf); | 510 | capi_cmsg2message(cmsg, cmsg->buf); |
510 | len = CAPIMSG_LEN(cmsg->buf); | 511 | len = CAPIMSG_LEN(cmsg->buf); |
511 | skb = alloc_skb(len, GFP_ATOMIC); | 512 | skb = alloc_skb(len, GFP_ATOMIC); |
513 | if (!skb) { | ||
514 | printk(KERN_ERR "capidrv::send_message: can't allocate mem\n"); | ||
515 | return; | ||
516 | } | ||
512 | memcpy(skb_put(skb, len), cmsg->buf, len); | 517 | memcpy(skb_put(skb, len), cmsg->buf, len); |
513 | if (capi20_put_message(&global.ap, skb) != CAPI_NOERROR) | 518 | if (capi20_put_message(&global.ap, skb) != CAPI_NOERROR) |
514 | kfree_skb(skb); | 519 | kfree_skb(skb); |