diff options
author | Adrian Bunk <bunk@kernel.org> | 2008-02-19 19:28:54 -0500 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-02-19 19:28:54 -0500 |
commit | 94cb1503c799c0197e7ef5bad606fee5c84b99d8 (patch) | |
tree | db9969ea8bf142e4c4a7621d0bc9382c42537686 /net/ipv4/fib_hash.c | |
parent | 15e29b8b0542f28fc0feed2d60e0377b39a45c4f (diff) |
ipv4/fib_hash.c: fix NULL dereference
Unless I miss a guaranteed relation between between "f" and
"new_fa->fa_info" this patch is required for fixing a NULL dereference
introduced by commit a6501e080c318f8d4467679d17807f42b3a33cd5 ("[IPV4]
FIB_HASH: Reduce memory needs and speedup lookups") and spotted by the
Coverity checker.
Eric Dumazet says:
Hum, you are right, kmem_cache_free() doesnt allow a NULL
object, like kfree() does.
Signed-off-by: Adrian Bunk <bunk@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/fib_hash.c')
-rw-r--r-- | net/ipv4/fib_hash.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c index 76b9c684cccd..8d58d85dfac6 100644 --- a/net/ipv4/fib_hash.c +++ b/net/ipv4/fib_hash.c | |||
@@ -372,7 +372,8 @@ static struct fib_node *fib_find_node(struct fn_zone *fz, __be32 key) | |||
372 | static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | 372 | static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) |
373 | { | 373 | { |
374 | struct fn_hash *table = (struct fn_hash *) tb->tb_data; | 374 | struct fn_hash *table = (struct fn_hash *) tb->tb_data; |
375 | struct fib_node *new_f, *f; | 375 | struct fib_node *new_f = NULL; |
376 | struct fib_node *f; | ||
376 | struct fib_alias *fa, *new_fa; | 377 | struct fib_alias *fa, *new_fa; |
377 | struct fn_zone *fz; | 378 | struct fn_zone *fz; |
378 | struct fib_info *fi; | 379 | struct fib_info *fi; |
@@ -496,7 +497,6 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | |||
496 | 497 | ||
497 | err = -ENOBUFS; | 498 | err = -ENOBUFS; |
498 | 499 | ||
499 | new_f = NULL; | ||
500 | if (!f) { | 500 | if (!f) { |
501 | new_f = kmem_cache_zalloc(fn_hash_kmem, GFP_KERNEL); | 501 | new_f = kmem_cache_zalloc(fn_hash_kmem, GFP_KERNEL); |
502 | if (new_f == NULL) | 502 | if (new_f == NULL) |
@@ -512,7 +512,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | |||
512 | if (new_fa->fa_info != NULL) { | 512 | if (new_fa->fa_info != NULL) { |
513 | new_fa = kmem_cache_alloc(fn_alias_kmem, GFP_KERNEL); | 513 | new_fa = kmem_cache_alloc(fn_alias_kmem, GFP_KERNEL); |
514 | if (new_fa == NULL) | 514 | if (new_fa == NULL) |
515 | goto out_free_new_f; | 515 | goto out; |
516 | } | 516 | } |
517 | new_fa->fa_info = fi; | 517 | new_fa->fa_info = fi; |
518 | new_fa->fa_tos = tos; | 518 | new_fa->fa_tos = tos; |
@@ -540,9 +540,9 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) | |||
540 | &cfg->fc_nlinfo, 0); | 540 | &cfg->fc_nlinfo, 0); |
541 | return 0; | 541 | return 0; |
542 | 542 | ||
543 | out_free_new_f: | ||
544 | kmem_cache_free(fn_hash_kmem, new_f); | ||
545 | out: | 543 | out: |
544 | if (new_f) | ||
545 | kmem_cache_free(fn_hash_kmem, new_f); | ||
546 | fib_release_info(fi); | 546 | fib_release_info(fi); |
547 | return err; | 547 | return err; |
548 | } | 548 | } |