From 1956cc52e73984a39252994f0beee458fc0d8909 Mon Sep 17 00:00:00 2001 From: Jesper Juhl Date: Mon, 17 Jan 2011 10:24:57 +0000 Subject: ns83820: Avoid bad pointer deref in ns83820_init_one(). In drivers/net/ns83820.c::ns83820_init_one() we dynamically allocate memory via alloc_etherdev(). We then call PRIV() on the returned storage which is 'return netdev_priv()'. netdev_priv() takes the pointer it is passed and adds 'ALIGN(sizeof(struct net_device), NETDEV_ALIGN)' to it and returns it. Then we test the resulting pointer for NULL, which it is unlikely to be at this point, and later dereference it. This will go bad if alloc_etherdev() actually returned NULL. This patch reworks the code slightly so that we test for a NULL pointer (and return -ENOMEM) directly after calling alloc_etherdev(). Signed-off-by: Jesper Juhl Signed-off-by: Benjamin LaHaise Signed-off-by: David S. Miller --- drivers/net/ns83820.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'drivers/net/ns83820.c') diff --git a/drivers/net/ns83820.c b/drivers/net/ns83820.c index 84134c766f3a..a41b2cf4d917 100644 --- a/drivers/net/ns83820.c +++ b/drivers/net/ns83820.c @@ -1988,12 +1988,11 @@ static int __devinit ns83820_init_one(struct pci_dev *pci_dev, } ndev = alloc_etherdev(sizeof(struct ns83820)); - dev = PRIV(ndev); - err = -ENOMEM; - if (!dev) + if (!ndev) goto out; + dev = PRIV(ndev); dev->ndev = ndev; spin_lock_init(&dev->rx_info.lock); -- cgit v1.2.3-70-g09d2