From patchwork Thu Feb 10 21:57:16 2011
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Jesper Juhl <jj@chaosbits.net>
X-Patchwork-Id: 82674
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 9EC01B713E
	for <patchwork-incoming@ozlabs.org>;
	Fri, 11 Feb 2011 08:58:51 +1100 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757182Ab1BJV61 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 10 Feb 2011 16:58:27 -0500
Received: from swampdragon.chaosbits.net ([90.184.90.115]:28014 "EHLO
	swampdragon.chaosbits.net" rhost-flags-OK-OK-OK-OK) by
	vger.kernel.org with ESMTP id S1756974Ab1BJV60 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 10 Feb 2011 16:58:26 -0500
Received: by swampdragon.chaosbits.net (Postfix, from userid 1000)
	id D14F59403D; Thu, 10 Feb 2011 22:57:16 +0100 (CET)
Received: from localhost (localhost [127.0.0.1])
	by swampdragon.chaosbits.net (Postfix) with ESMTP id C7BDF9403B;
	Thu, 10 Feb 2011 22:57:16 +0100 (CET)
Date: Thu, 10 Feb 2011 22:57:16 +0100 (CET)
From: Jesper Juhl <jj@chaosbits.net>
To: linux-kernel@vger.kernel.org
cc: netdev@vger.kernel.org, Alexey Dobriyan <adobriyan@gmail.com>,
	Dan Carpenter <error27@gmail.com>, Shmulik Ravid <shmulikr@broadcom.com>,
	John Fastabend <john.r.fastabend@intel.com>,
	"David S. Miller" <davem@davemloft.net>, Lucy Liu <lucy.liu@intel.com>
Subject: [PATCH] Don't potentially dereference NULL in
	net/dcb/dcbnl.c:dcbnl_getapp()
Message-ID: <alpine.LNX.2.00.1102102253230.8012@swampdragon.chaosbits.net>
User-Agent: Alpine 2.00 (LNX 1167 2008-08-23)
MIME-Version: 1.0
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

nla_nest_start() may return NULL. If it does then we'll blow up in 
nla_nest_end() when we dereference the pointer.

Signed-off-by: Jesper Juhl <jj@chaosbits.net>
---
 dcbnl.c |    3 +++
 1 file changed, 3 insertions(+)

  only compile tested.

diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 6b03f56..13cdc30 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -626,6 +626,9 @@ static int dcbnl_getapp(struct net_device *netdev, struct nlattr **tb,
 	dcb->cmd = DCB_CMD_GAPP;
 
 	app_nest = nla_nest_start(dcbnl_skb, DCB_ATTR_APP);
+	if (!app_nest)
+		goto out_cancel;
+
 	ret = nla_put_u8(dcbnl_skb, DCB_APP_ATTR_IDTYPE, idtype);
 	if (ret)
 		goto out_cancel;