net: usb: raw-ip: check invalid reference
Shawn Joo(Seongho) [Thu, 8 Mar 2012 08:46:26 +0000 (17:46 +0900)]
before point reference check valid.
it prevents null point reference panic.

Bug 954883

Signed-off-by: Shawn Joo(Seongho) <sjoo@nvidia.com>
Reviewed-on: http://git-master/r/88781
(cherry picked from commit aac87c7d9c7cf7563bb79a29d517a6ffdba5874f)

Change-Id: Ica17acb6cc2a1a7ed03f41d8b569fdb6e2098fc9
Reviewed-on: http://git-master/r/96464
Reviewed-by: Simone Willett <swillett@nvidia.com>
Tested-by: Simone Willett <swillett@nvidia.com>

drivers/net/usb/raw_ip_net.c

index 1b32a0c..b8cc5fd 100644 (file)
@@ -571,8 +571,8 @@ static int usb_net_raw_ip_rx_urb_submit(struct baseband_usb *usb)
 
 static void usb_net_raw_ip_rx_urb_comp(struct urb *urb)
 {
-       struct baseband_usb *usb = (struct baseband_usb *) urb->context;
-       int i = usb->baseband_index;
+       struct baseband_usb *usb;
+       int i;
        struct sk_buff *skb;
        unsigned char *dst;
        unsigned char ethernet_header[14] = {
@@ -595,6 +595,8 @@ static void usb_net_raw_ip_rx_urb_comp(struct urb *urb)
                pr_err("no urb\n");
                return;
        }
+       usb = (struct baseband_usb *)urb->context;
+       i = usb->baseband_index;
        switch (urb->status) {
        case 0:
                break;
@@ -798,7 +800,9 @@ static void usb_net_raw_ip_tx_urb_work(struct work_struct *work)
        pr_debug("usb_net_raw_ip_tx_urb_work {\n");
 
        /* check if tx urb(s) queued */
-       if (!usb->usb.tx_urb && usb_anchor_empty(&usb->usb.tx_urb_deferred)) {
+       if (usb == NULL ||
+               (!usb->usb.tx_urb &&
+               usb_anchor_empty(&usb->usb.tx_urb_deferred))) {
                pr_debug("%s: nothing to do!\n", __func__);
                return;
        }
@@ -858,7 +862,7 @@ static void usb_net_raw_ip_tx_urb_work(struct work_struct *work)
 
 static void usb_net_raw_ip_tx_urb_comp(struct urb *urb)
 {
-       struct baseband_usb *usb = (struct baseband_usb *) urb->context;
+       struct baseband_usb *usb;
 
        pr_debug("usb_net_raw_ip_tx_urb_comp {\n");
 
@@ -867,6 +871,7 @@ static void usb_net_raw_ip_tx_urb_comp(struct urb *urb)
                pr_err("no urb\n");
                return;
        }
+       usb = (struct baseband_usb *)urb->context;
        switch (urb->status) {
        case 0:
                break;