diff options
author | Dan Carpenter <error27@gmail.com> | 2010-09-10 01:58:10 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-09-13 12:44:11 -0700 |
commit | 3429769bc67c7a48b3c01b2452b32171b3450202 (patch) | |
tree | 9664314000e1e0ae06ecb29423ca30cfd42f0c8e | |
parent | 339db11b219f36cf7da61b390992d95bb6b7ba2e (diff) | |
download | linux-3.10-3429769bc67c7a48b3c01b2452b32171b3450202.tar.gz linux-3.10-3429769bc67c7a48b3c01b2452b32171b3450202.tar.bz2 linux-3.10-3429769bc67c7a48b3c01b2452b32171b3450202.zip |
ppp: potential NULL dereference in ppp_mp_explode()
Smatch complains because we check whether "pch->chan" is NULL and then
dereference it unconditionally on the next line. Partly the reason this
bug was introduced is because code was too complicated. I've simplified
it a little.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | drivers/net/ppp_generic.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/drivers/net/ppp_generic.c b/drivers/net/ppp_generic.c index 6695a51e09e..736b91703b3 100644 --- a/drivers/net/ppp_generic.c +++ b/drivers/net/ppp_generic.c @@ -1314,8 +1314,13 @@ static int ppp_mp_explode(struct ppp *ppp, struct sk_buff *skb) hdrlen = (ppp->flags & SC_MP_XSHORTSEQ)? MPHDRLEN_SSN: MPHDRLEN; i = 0; list_for_each_entry(pch, &ppp->channels, clist) { - navail += pch->avail = (pch->chan != NULL); - pch->speed = pch->chan->speed; + if (pch->chan) { + pch->avail = 1; + navail++; + pch->speed = pch->chan->speed; + } else { + pch->avail = 0; + } if (pch->avail) { if (skb_queue_empty(&pch->file.xq) || !pch->had_frag) { |