[PATCH] net: tipc: Fix a possible null-pointer dereference in tipc_publ_purge()

Jia-Ju Bai Thu, 25 Jul 2019 02:20:44 -0700

In tipc_publ_purge(), there is an if statement on 215 to 
check whether p is NULL: 
    if (p)


When p is NULL, it is used on line 226:
    kfree_rcu(p, rcu);

Thus, a possible null-pointer dereference may occur.

To fix this bug, p is checked before being used.

This bug is found by a static analysis tool STCheck written by us.

Signed-off-by: Jia-Ju Bai <baijiaju1...@gmail.com>
---
 net/tipc/name_distr.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index 44abc8e9c990..241ed2274473 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -223,7 +223,8 @@ static void tipc_publ_purge(struct net *net, struct 
publication *publ, u32 addr)
                       publ->key);
        }
 
-       kfree_rcu(p, rcu);
+       if (p)
+               kfree_rcu(p, rcu);
 }
 
 /**
-- 
2.17.0

[PATCH] net: tipc: Fix a possible null-pointer dereference in tipc_publ_purge()

Reply via email to