Commit 94cb1503 authored by Adrian Bunk's avatar Adrian Bunk Committed by David S. Miller

ipv4/fib_hash.c: fix NULL dereference

Unless I miss a guaranteed relation between between "f" and
"new_fa->fa_info" this patch is required for fixing a NULL dereference
introduced by commit a6501e08 ("[IPV4]
FIB_HASH: Reduce memory needs and speedup lookups") and spotted by the
Coverity checker.

Eric Dumazet says:

	Hum, you are right, kmem_cache_free() doesnt allow a NULL
	object, like kfree() does.
Signed-off-by: default avatarAdrian Bunk <bunk@kernel.org>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 15e29b8b
...@@ -372,7 +372,8 @@ static struct fib_node *fib_find_node(struct fn_zone *fz, __be32 key) ...@@ -372,7 +372,8 @@ static struct fib_node *fib_find_node(struct fn_zone *fz, __be32 key)
static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg)
{ {
struct fn_hash *table = (struct fn_hash *) tb->tb_data; struct fn_hash *table = (struct fn_hash *) tb->tb_data;
struct fib_node *new_f, *f; struct fib_node *new_f = NULL;
struct fib_node *f;
struct fib_alias *fa, *new_fa; struct fib_alias *fa, *new_fa;
struct fn_zone *fz; struct fn_zone *fz;
struct fib_info *fi; struct fib_info *fi;
...@@ -496,7 +497,6 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) ...@@ -496,7 +497,6 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg)
err = -ENOBUFS; err = -ENOBUFS;
new_f = NULL;
if (!f) { if (!f) {
new_f = kmem_cache_zalloc(fn_hash_kmem, GFP_KERNEL); new_f = kmem_cache_zalloc(fn_hash_kmem, GFP_KERNEL);
if (new_f == NULL) if (new_f == NULL)
...@@ -512,7 +512,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) ...@@ -512,7 +512,7 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg)
if (new_fa->fa_info != NULL) { if (new_fa->fa_info != NULL) {
new_fa = kmem_cache_alloc(fn_alias_kmem, GFP_KERNEL); new_fa = kmem_cache_alloc(fn_alias_kmem, GFP_KERNEL);
if (new_fa == NULL) if (new_fa == NULL)
goto out_free_new_f; goto out;
} }
new_fa->fa_info = fi; new_fa->fa_info = fi;
new_fa->fa_tos = tos; new_fa->fa_tos = tos;
...@@ -540,9 +540,9 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg) ...@@ -540,9 +540,9 @@ static int fn_hash_insert(struct fib_table *tb, struct fib_config *cfg)
&cfg->fc_nlinfo, 0); &cfg->fc_nlinfo, 0);
return 0; return 0;
out_free_new_f:
kmem_cache_free(fn_hash_kmem, new_f);
out: out:
if (new_f)
kmem_cache_free(fn_hash_kmem, new_f);
fib_release_info(fi); fib_release_info(fi);
return err; return err;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment