| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1453951851-24501-1-git-send-email-bernie.harris@alliedtelesis.co.nz>
Date: Thu, 28 Jan 2016 16:30:51 +1300
From: Bernie Harris <bernie.harris@...iedtelesis.co.nz>
To: netdev@...r.kernel.org
Cc: davem@...emloft.net, jhs@...atatu.com, stable@...r.kernel.org,
bernie.harris@...iedtelesis.co.nz
Subject: [PATCH] net_sched: drr: check for NULL pointer in drr_dequeue
There are cases where qdisc_dequeue_peeked can return NULL, and the result
is dereferenced later on in the function.
Similarly to the other qdisc dequeue functions, check whether the skb
pointer is NULL and if it is, goto out.
Signed-off-by: Bernie Harris <bernie.harris@...iedtelesis.co.nz>
---
net/sched/sch_drr.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/sched/sch_drr.c b/net/sched/sch_drr.c
index f26bdea..a1cd778 100644
--- a/net/sched/sch_drr.c
+++ b/net/sched/sch_drr.c
@@ -403,6 +403,8 @@ static struct sk_buff *drr_dequeue(struct Qdisc *sch)
if (len <= cl->deficit) {
cl->deficit -= len;
skb = qdisc_dequeue_peeked(cl->qdisc);
+ if (unlikely(skb == NULL))
+ goto out;
if (cl->qdisc->q.qlen == 0)
list_del(&cl->alist);
--
2.7.0
Powered by blists - more mailing lists