[PATCH 621/641] Staging: rt2860: fix possible NULL dereferences
Greg Kroah-Hartman
gregkh at suse.de
Tue Sep 15 19:14:12 UTC 2009
From: Roel Kluin <roel.kluin at gmail.com>
Allocations may fail, prevent NULL dereferences.
Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
Acked-by: Bartlomiej Zolnierkiewicz <bzolnier at gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
drivers/staging/rt2860/common/ba_action.c | 4 ++++
drivers/staging/rt2860/common/cmm_data.c | 2 ++
drivers/staging/rt2860/rt_main_dev.c | 2 ++
3 files changed, 8 insertions(+), 0 deletions(-)
diff --git a/drivers/staging/rt2860/common/ba_action.c b/drivers/staging/rt2860/common/ba_action.c
index 79a5164..b7bbe99 100644
--- a/drivers/staging/rt2860/common/ba_action.c
+++ b/drivers/staging/rt2860/common/ba_action.c
@@ -867,6 +867,8 @@ VOID BAOriSessionTearDown(
// force send specified TID DelBA
MLME_DELBA_REQ_STRUCT DelbaReq;
MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+ if (Elem == NULL)
+ return;
NdisZeroMemory(&DelbaReq, sizeof(DelbaReq));
NdisZeroMemory(Elem, sizeof(MLME_QUEUE_ELEM));
@@ -900,6 +902,8 @@ VOID BAOriSessionTearDown(
{
MLME_DELBA_REQ_STRUCT DelbaReq;
MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+ if (Elem == NULL)
+ return;
NdisZeroMemory(&DelbaReq, sizeof(DelbaReq));
NdisZeroMemory(Elem, sizeof(MLME_QUEUE_ELEM));
diff --git a/drivers/staging/rt2860/common/cmm_data.c b/drivers/staging/rt2860/common/cmm_data.c
index abbbcbf..774fabb 100644
--- a/drivers/staging/rt2860/common/cmm_data.c
+++ b/drivers/staging/rt2860/common/cmm_data.c
@@ -2011,6 +2011,8 @@ UINT deaggregate_AMSDU_announce(
{
// avoid local heap overflow, use dyanamic allocation
MLME_QUEUE_ELEM *Elem = (MLME_QUEUE_ELEM *) kmalloc(sizeof(MLME_QUEUE_ELEM), MEM_ALLOC_FLAG);
+ if (Elem == NULL)
+ return;
memmove(Elem->Msg+(LENGTH_802_11 + LENGTH_802_1_H), pPayload, PayloadSize);
Elem->MsgLen = LENGTH_802_11 + LENGTH_802_1_H + PayloadSize;
WpaEAPOLKeyAction(pAd, Elem);
diff --git a/drivers/staging/rt2860/rt_main_dev.c b/drivers/staging/rt2860/rt_main_dev.c
index 7f44414..22f37cf 100644
--- a/drivers/staging/rt2860/rt_main_dev.c
+++ b/drivers/staging/rt2860/rt_main_dev.c
@@ -777,6 +777,8 @@ INT __devinit rt28xx_probe(
// Allocate RTMP_ADAPTER miniport adapter structure
handle = kmalloc(sizeof(struct os_cookie), GFP_KERNEL);
+ if (handle == NULL)
+ goto err_out_free_netdev;;
RT28XX_HANDLE_DEV_ASSIGN(handle, dev_p);
status = RTMPAllocAdapterBlock(handle, &pAd);
--
1.6.4.2
More information about the devel
mailing list