aboutsummaryrefslogtreecommitdiffstats
path: root/drivers/net/ns83820.c
diff options
context:
space:
mode:
authorJesper Juhl <jj@chaosbits.net>2011-01-17 05:24:57 -0500
committerDavid S. Miller <davem@davemloft.net>2011-01-18 19:13:49 -0500
commit1956cc52e73984a39252994f0beee458fc0d8909 (patch)
treeaac01b12ee07ed2f5dd03ffdd77daee08ef85461 /drivers/net/ns83820.c
parent2fdc1c8093255f9da877d7b9ce3f46c2098377dc (diff)
ns83820: Avoid bad pointer deref in ns83820_init_one().
In drivers/net/ns83820.c::ns83820_init_one() we dynamically allocate memory via alloc_etherdev(). We then call PRIV() on the returned storage which is 'return netdev_priv()'. netdev_priv() takes the pointer it is passed and adds 'ALIGN(sizeof(struct net_device), NETDEV_ALIGN)' to it and returns it. Then we test the resulting pointer for NULL, which it is unlikely to be at this point, and later dereference it. This will go bad if alloc_etherdev() actually returned NULL. This patch reworks the code slightly so that we test for a NULL pointer (and return -ENOMEM) directly after calling alloc_etherdev(). Signed-off-by: Jesper Juhl <jj@chaosbits.net> Signed-off-by: Benjamin LaHaise <bcrl@kvack.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ns83820.c')
-rw-r--r--drivers/net/ns83820.c5
1 files changed, 2 insertions, 3 deletions
diff --git a/drivers/net/ns83820.c b/drivers/net/ns83820.c
index 84134c766f3a..a41b2cf4d917 100644
--- a/drivers/net/ns83820.c
+++ b/drivers/net/ns83820.c
@@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev,
1988 } 1988 }
1989 1989
1990 ndev = alloc_etherdev(sizeof(struct ns83820)); 1990 ndev = alloc_etherdev(sizeof(struct ns83820));
1991 dev = PRIV(ndev);
1992
1993 err = -ENOMEM; 1991 err = -ENOMEM;
1994 if (!dev) 1992 if (!ndev)
1995 goto out; 1993 goto out;
1996 1994
1995 dev = PRIV(ndev);
1997 dev->ndev = ndev; 1996 dev->ndev = ndev;
1998 1997
1999 spin_lock_init(&dev->rx_info.lock); 1998 spin_lock_init(&dev->rx_info.lock);