Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

tipc: fix dereference before check warning

This fixes the following Smatch warning:
net/tipc/link.c:2364 tipc_link_recv_fragment()
    warn: variable dereferenced before check '*head' (see line 2361)

A null pointer might be passed to skb_try_coalesce if
a malicious sender injects orphan fragments on a link.

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Erik Hugne 11 years ago
parent
c9e9042994
commit
3db0a197ed
1 changed files with 2 additions and 1 deletions
Split View Show Diff Stats
  1. 2 1
      net/tipc/link.c

+ 2 - 1
net/tipc/link.c
View File 

@@ -2358,7 +2358,8 @@ int tipc_link_recv_fragment(struct sk_buff **head, struct sk_buff **tail,
 
 		*head = frag;
 
 		skb_frag_list_init(*head);
 
 		return 0;
 
-	} else if (skb_try_coalesce(*head, frag, &headstolen, &delta)) {
 
+	} else if (*head &&
 
+		   skb_try_coalesce(*head, frag, &headstolen, &delta)) {
 
 		kfree_skb_partial(frag, headstolen);
 
 	} else {
 
 		if (!*head)