From 59aabd6a223de6af2a513bfac1bb783764820c72 Mon Sep 17 00:00:00 2001 From: Iker Pedrosa Date: Thu, 8 Aug 2013 12:56:44 +0200 Subject: [PATCH] Staging: rtl8192e: rtllib_rx: checking NULL value after doing dev_alloc_skb Checking the return of dev_alloc_skb as stated in the following bug: https://bugzilla.kernel.org/show_bug.cgi?id=60401 Reported-by: RUC_Soft_Sec rucsoftsec@gmail.com Cc: Dan Carpenter Signed-off-by: Iker Pedrosa Signed-off-by: Greg Kroah-Hartman --- drivers/staging/rtl8192e/rtllib_rx.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/staging/rtl8192e/rtllib_rx.c b/drivers/staging/rtl8192e/rtllib_rx.c index e75364e3eb43..6a51f29e0737 100644 --- a/drivers/staging/rtl8192e/rtllib_rx.c +++ b/drivers/staging/rtl8192e/rtllib_rx.c @@ -777,6 +777,8 @@ static u8 parse_subframe(struct rtllib_device *ieee, struct sk_buff *skb, /* Allocate new skb for releasing to upper layer */ sub_skb = dev_alloc_skb(RTLLIB_SKBBUFFER_SIZE); + if (!sub_skb) + return 0; skb_reserve(sub_skb, 12); data_ptr = (u8 *)skb_put(sub_skb, skb->len); memcpy(data_ptr, skb->data, skb->len); @@ -825,6 +827,8 @@ static u8 parse_subframe(struct rtllib_device *ieee, struct sk_buff *skb, /* Allocate new skb for releasing to upper layer */ sub_skb = dev_alloc_skb(nSubframe_Length + 12); + if (!sub_skb) + return 0; skb_reserve(sub_skb, 12); data_ptr = (u8 *)skb_put(sub_skb, nSubframe_Length); memcpy(data_ptr, skb->data, nSubframe_Length);