Skip to content

Commit

Permalink
libceph: potential NULL dereference in ceph_msg_data_create()
Browse files Browse the repository at this point in the history 
If kmem_cache_zalloc() returns NULL then the INIT_LIST_HEAD(&data->links);
will Oops.  The callers aren't really prepared for NULL returns so it
doesn't make a lot of difference in real life.

Fixes: 5240d9f ("libceph: replace message data pointer with list")
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: Ilya Dryomov <[email protected]>
  • Loading branch information
@idryomov
Dan Carpenter authored and idryomov committed Jul 17, 2017
1 parent 84583cf commit 7c40b22
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions net/ceph/messenger.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3203,8 +3203,10 @@ static struct ceph_msg_data *ceph_msg_data_create(enum ceph_msg_data_type type)
return NULL;

data = kmem_cache_zalloc(ceph_msg_data_cache, GFP_NOFS);
if (data)
data->type = type;
if (!data)
return NULL;

data->type = type;
INIT_LIST_HEAD(&data->links);

return data;
Expand Down

0 comments on commit 7c40b22

Please sign in to comment.