[PATCH] RxRPC: Fix a potential NULL dereference
David Howells
dhowells at redhat.com
Fri Feb 6 06:59:43 EST 2009
Fix a potential NULL dereference bug during error handling in
rxrpc_kernel_begin_call(), whereby rxrpc_put_transport() may be handed a NULL
pointer.
This was found with a code checker (http://repo.or.cz/w/smatch.git/).
Reported-by: Dan Carpenter <error27 at gmail.com>
Signed-off-by: David Howells <dhowells at redhat.com>
---
net/rxrpc/af_rxrpc.c | 5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index d7d2bed..eac5e7b 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -284,13 +284,13 @@ struct rxrpc_call *rxrpc_kernel_begin_call(struct socket *sock,
if (IS_ERR(trans)) {
call = ERR_CAST(trans);
trans = NULL;
- goto out;
+ goto out_notrans;
}
} else {
trans = rx->trans;
if (!trans) {
call = ERR_PTR(-ENOTCONN);
- goto out;
+ goto out_notrans;
}
atomic_inc(&trans->usage);
}
@@ -315,6 +315,7 @@ struct rxrpc_call *rxrpc_kernel_begin_call(struct socket *sock,
rxrpc_put_bundle(trans, bundle);
out:
rxrpc_put_transport(trans);
+out_notrans:
release_sock(&rx->sk);
_leave(" = %p", call);
return call;
More information about the linux-afs
mailing list