From 9b815beb16ff05759ded65e4dc4b0dc50e8d87e1 Mon Sep 17 00:00:00 2001
From: Marian Chereji
Date: Tue, 4 Nov 2014 13:25:21 +0200
Subject: dpa_offload: Avoid dereferencing a NULL pointer in case of corrupted user params

In the dpa_classifier function "try_compatible_node" there are some places where the header manipulation operation flags are compared to the configuration of an existing header manipulation node. The control path however doesn't suspend in case an inconsistency is found in the flags and, in some rare cases when users provide corrupt parameters, there is a danger to dereference a NULL hm_node pointer.

Change-Id: I355862c146a228e5878272156adaf92a76391ce6
Signed-off-by: Marian Chereji
Reviewed-on: http://git.am.freescale.net:8181/23111
Tested-by: Review Code-CDREVIEW
Reviewed-by: Anca Jeanina Floarea
Reviewed-by: Richard Schmitt

diff --git a/drivers/staging/fsl_dpa_offload/dpa_classifier.c b/drivers/staging/fsl_dpa_offload/dpa_classifier.c
index 20b0143..e360e09 100644
--- a/drivers/staging/fsl_dpa_offload/dpa_classifier.c
+++ b/drivers/staging/fsl_dpa_offload/dpa_classifier.c
@@ -3896,8 +3896,10 @@ static struct dpa_cls_hm_node *try_compatible_node(const struct dpa_cls_hm *hm)
 * compatible for aggregation:
 */
 if ((hm->update_params.op_flags & update_flags) &&
- (hm_node->params.u.hdr.fieldUpdate))
+ (hm_node->params.u.hdr.fieldUpdate)) {
 hm_node = NULL;
+ break;
+ }
 
 /*
 * If in the previous HM node the custom header replace
@@ -3928,8 +3930,11 @@ static struct dpa_cls_hm_node *try_compatible_node(const struct dpa_cls_hm *hm)
 * not compatible for aggregation:
 */
 if ((hm->vlan_params.egress.num_tags) &&
- (hm_node->params.u.hdr.insrt))
+ (hm_node->params.u.hdr.insrt)) {
 hm_node = NULL;
+ break;
+ }
+
 /*
 * If in the previous HM node the update operation is
 * already used and we need to do VLAN update, then it
-- 
cgit v0.10.2
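Review bot: The two added `break` statements (after the `fieldUpdate` test in the first hunk and after the `insrt` test in the second) only protect the later checks if `break` leaves the whole compatibility test, and the enclosing `switch` or loop in `try_compatible_node` starts outside both hunks, so that cannot be confirmed from here. The checks that begin right after each hunk ("If in the previous HM node the custom header replace …" and "… the update operation is already used …") are also cut off; if they end in the same braceless `hm_node = NULL;` and anything later in the case reads `hm_node->params`, the NULL dereference the commit message describes would still be reachable from user-supplied flags. I would add a comment at each exit such as `/* hm_node is NULL from here on; do not fall through to the next hm_node->params check */`, and confirm that every `hm_node = NULL;` in this function is followed by `break`.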