[wily/master-next 6/7] isdn_ppp: Add checks for allocation failure in isdn_ppp_open()
Andy Whitcroft
apw at canonical.com
Wed Dec 2 14:59:36 UTC 2015
From: Ben Hutchings <ben at decadent.org.uk>
Compile-tested only.
Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
Signed-off-by: David S. Miller <davem at davemloft.net>
(cherry picked from commit 0baa57d8dc32db78369d8b5176ef56c5e2e18ab3)
CVE-2015-7799
BugLink: http://bugs.launchpad.net/bugs/1508329
Signed-off-by: Andy Whitcroft <apw at canonical.com>
---
drivers/isdn/i4l/isdn_ppp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index c4198fa..86f9abe 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
@@ -301,6 +301,8 @@ isdn_ppp_open(int min, struct file *file)
is->compflags = 0;
is->reset = isdn_ppp_ccp_reset_alloc(is);
+ if (!is->reset)
+ return -ENOMEM;
is->lp = NULL;
is->mp_seqno = 0; /* MP sequence number */
@@ -320,6 +322,10 @@ isdn_ppp_open(int min, struct file *file)
* VJ header compression init
*/
is->slcomp = slhc_init(16, 16); /* not necessary for 2. link in bundle */
+ if (!is->slcomp) {
+ isdn_ppp_ccp_reset_free(is);
+ return -ENOMEM;
+ }
#endif
#ifdef CONFIG_IPPP_FILTER
is->pass_filter = NULL;
--
2.6.2
More information about the kernel-team
mailing list