2004-04-16 21:27:13

by Dave Jones

[permalink] [raw]
Subject: yam driver null deref

--- linux-2.6.5/drivers/net/hamradio/yam.c~ 2004-04-16 22:24:00.000000000 +0100
+++ linux-2.6.5/drivers/net/hamradio/yam.c 2004-04-16 22:24:32.000000000 +0100
@@ -919,9 +919,12 @@
static int yam_close(struct net_device *dev)
{
struct sk_buff *skb;
- struct yam_port *yp = (struct yam_port *) dev->priv;
+ struct yam_port *yp;

- if (!dev || !yp)
+ if (!dev)
+ return -EINVAL;
+ yp = dev->priv;
+ if (!yp)
return -EINVAL;
/*
* disable interrupts


2004-04-16 21:52:45

by Jeff Garzik

[permalink] [raw]
Subject: Re: yam driver null deref

Dave Jones wrote:
> --- linux-2.6.5/drivers/net/hamradio/yam.c~ 2004-04-16 22:24:00.000000000 +0100
> +++ linux-2.6.5/drivers/net/hamradio/yam.c 2004-04-16 22:24:32.000000000 +0100
> @@ -919,9 +919,12 @@
> static int yam_close(struct net_device *dev)
> {
> struct sk_buff *skb;
> - struct yam_port *yp = (struct yam_port *) dev->priv;
> + struct yam_port *yp;
>
> - if (!dev || !yp)
> + if (!dev)
> + return -EINVAL;
> + yp = dev->priv;
> + if (!yp)
> return -EINVAL;


Ditto... dev will never be NULL here. And most likely not dev->priv
either.

Jeff