commit c870f95c8c5c40d2c38970246ed737b8264f0b0e
Author: Patrick McHardy <kaber@trash.net>
Date:   Wed Nov 19 14:19:11 2008 +0100

    pkt_sched: fix missing check for packet overrun in qdisc_dump_stab()
    
    nla_nest_start() might return NULL, causing a NULL pointer dereference.
    
    Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index 5bcef13..1ef25e6 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -422,6 +422,8 @@ static int qdisc_dump_stab(struct sk_buff *skb, struct qdisc_size_table *stab)
 	struct nlattr *nest;
 
 	nest = nla_nest_start(skb, TCA_STAB);
+	if (nest == NULL)
+		goto nla_put_failure;
 	NLA_PUT(skb, TCA_STAB_BASE, sizeof(stab->szopts), &stab->szopts);
 	nla_nest_end(skb, nest);