can: bcm: check for null sk before deferencing it via the call to sock_net

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

The assignment of net via call sock_net will dereference sk. This
is performed before a sanity null check on sk, so there could be
a potential null dereference on the sock_net call if sk is null.
Fix this by assigning net after the sk null check. Also replace
the sk == NULL with the more usual !sk idiom.

Detected by CoverityScan CID#1431862 ("Dereference before null check")

Fixes: 384317ef4187 ("can: network namespace support for CAN_BCM protocol")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>

authored by

Colin Ian King and committed by

Marc Kleine-Budde 8 years ago 62c04647 fb5b91d6

+3 -2

1 changed file

expand all

net

can

bcm.c

+3 -2

net/can/bcm.c

··· 1493 1493 static int bcm_release(struct socket *sock) 1494 1494 { 1495 1495 struct sock *sk = sock->sk; 1496 - struct net *net = sock_net(sk); 1496 + struct net *net; 1497 1497 struct bcm_sock *bo; 1498 1498 struct bcm_op *op, *next; 1499 1499 1500 - if (sk == NULL) 1500 + if (!sk) 1501 1501 return 0; 1502 1502 1503 + net = sock_net(sk); 1503 1504 bo = bcm_sk(sk); 1504 1505 1505 1506 /* remove bcm_ops, timer, rx_unregister(), etc. */