[PATCH] drivers/platform/x86/amilo-rfkill.c::amilo_rfkill_probe() avoid NULL deref

From: Jesper Juhl
Date: Thu Mar 22 2012 - 20:08:33 EST


In drivers/platform/x86/amilo-rfkill.c::amilo_rfkill_probe() the call
to dmi_first_match() may fail and return NULL. If it does return NULL,
then we'll be dereferencing a NULL pointer in the rfkill_alloc() call
where we do 'system_id->driver_data' --> KABOOM!

Avoid that problem by testing for a NULL return value from
dmi_first_match() and bailing out if it fails.

I was a bit uncertain about what to return in the failure case. In the
end I settled for -ENXIO as the most logical error to return.

Signed-off-by: Jesper Juhl <jj@xxxxxxxxxxxxx>
---
drivers/platform/x86/amilo-rfkill.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

Compile tested only since I have no real way to test this.

diff --git a/drivers/platform/x86/amilo-rfkill.c b/drivers/platform/x86/amilo-rfkill.c
index 19170bb..a514bf6 100644
--- a/drivers/platform/x86/amilo-rfkill.c
+++ b/drivers/platform/x86/amilo-rfkill.c
@@ -97,9 +97,12 @@ static struct rfkill *amilo_rfkill_dev;

static int __devinit amilo_rfkill_probe(struct platform_device *device)
{
+ int rc;
const struct dmi_system_id *system_id =
dmi_first_match(amilo_rfkill_id_table);
- int rc;
+
+ if (!system_id)
+ return -ENXIO;

amilo_rfkill_dev = rfkill_alloc(KBUILD_MODNAME, &device->dev,
RFKILL_TYPE_WLAN,
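
Review bot: the new `if (!system_id)` bail-out returns -ENXIO, but a probe that finds no matching hardware conventionally returns -ENODEV, which is what callers and log readers expect for "device not present"; consider `return -ENODEV;` here. Moving `int rc;` above the `system_id` declaration is unrelated to the fix and could be dropped so the diff contains only the added check. Placing the check directly after the `dmi_first_match()` initialiser and before `rfkill_alloc()` is right, since nothing has been allocated yet and no cleanup is needed on this path.
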
--
1.7.9.4


--
Jesper Juhl <jj@xxxxxxxxxxxxx> http://www.chaosbits.net/
Don't top-post http://www.catb.org/jargon/html/T/top-post.html
Plain text mails only, please.