caif: Do not dereference NULL in chnl_recv_cb()

In net/caif/chnl_net.c::chnl_recv_cb() we call skb_header_pointer() which may return NULL, but we do not check for a NULL pointer before dereferencing it. This patch adds such a NULL check and properly free's allocated memory and return an error (-EINVAL) on failure - much better than crashing.. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Acked-by: Sjur Brændeland <sjur.brandeland@stericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>

caif: Do not dereference NULL in chnl_recv_cb()
In net/caif/chnl_net.c::chnl_recv_cb() we call skb_header_pointer() which may return NULL, but we do not check for a NULL pointer before dereferencing it. This patch adds such a NULL check and properly free's allocated memory and return an error (-EINVAL) on failure - much better than crashing.. Signed-off-by: Jesper Juhl <jj@chaosbits.net> Acked-by: Sjur Brændeland <sjur.brandeland@stericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Jesper Juhl · David S. Miller
1 parent 6c71bec66a
Showing 1 changed file with 4 additions and 0 deletions Side-by-side Diff
net/caif/chnl_net.c
@@ -94,6 +94,10 @@
  
 	/* check the version of IP */
 	ip_version = skb_header_pointer(skb, 0, 1, &buf);
+	if (!ip_version) {
+		kfree_skb(skb);
+		return -EINVAL;
+	}
  
 	switch (*ip_version >> 4) {
 	case 4:
...	...	@@ -94,6 +94,10 @@
94	94
95	95	/* check the version of IP */
96	96	ip_version = skb_header_pointer(skb, 0, 1, &buf);
	97	+ if (!ip_version) {
	98	+ kfree_skb(skb);
	99	+ return -EINVAL;
	100	+ }
97	101
98	102	switch (*ip_version >> 4) {
99	103	case 4: