potential null dereference in proto_register()

potential null dereference in proto_register()

[Dan Carpenter]

There is a potential null dereference in proto_register() 
from net/core/sock.c

prot->rsk_prot can be null on line 2161 but we dereference it on line 
2167.

  2161  out_free_request_sock_slab:
  2162          if (prot->rsk_prot && prot->rsk_prot->slab) {
  2163                  kmem_cache_destroy(prot->rsk_prot->slab);
  2164                  prot->rsk_prot->slab = NULL;
  2165          }
  2166  out_free_request_sock_slab_name:
  2167          kfree(prot->rsk_prot->slab_name);

Found by smatch.

regards,
dan carpenter

Re: potential null dereference in proto_register()

[David Miller]

From: Dan Carpenter <error27@gmail.com>
Date: Tue, 2 Jun 2009 11:50:52 +0300 (EAT)

> There is a potential null dereference in proto_register() 
> from net/core/sock.c
> 
> prot->rsk_prot can be null on line 2161 but we dereference it on line 
> 2167.
> 
>   2161  out_free_request_sock_slab:
>   2162          if (prot->rsk_prot && prot->rsk_prot->slab) {
>   2163                  kmem_cache_destroy(prot->rsk_prot->slab);
>   2164                  prot->rsk_prot->slab = NULL;
>   2165          }
>   2166  out_free_request_sock_slab_name:
>   2167          kfree(prot->rsk_prot->slab_name);
> 
> Found by smatch.

This won't ever happen because a protocol that provides a twsk_prot
has to provide a rsk_prot too.

Re: potential null dereference in proto_register()

[Jarek Poplawski]

On 02-06-2009 11:54, David Miller wrote:
> From: Dan Carpenter <error27@gmail.com>
> Date: Tue, 2 Jun 2009 11:50:52 +0300 (EAT)
> 
>> There is a potential null dereference in proto_register() 
>> from net/core/sock.c
>>
>> prot->rsk_prot can be null on line 2161 but we dereference it on line 
>> 2167.
>>
>>   2161  out_free_request_sock_slab:
>>   2162          if (prot->rsk_prot && prot->rsk_prot->slab) {
>>   2163                  kmem_cache_destroy(prot->rsk_prot->slab);
>>   2164                  prot->rsk_prot->slab = NULL;
>>   2165          }
>>   2166  out_free_request_sock_slab_name:
>>   2167          kfree(prot->rsk_prot->slab_name);
>>
>> Found by smatch.
> 
> This won't ever happen because a protocol that provides a twsk_prot
> has to provide a rsk_prot too.

Then, according to smatch, we should change it:

-       if (prot->rsk_prot && prot->rsk_prot->slab) {
+       if (prot->rsk_prot->slab) {

Jarek P.