libceph: potential NULL dereference in ceph_msg_data_create()

If kmem_cache_zalloc() returns NULL then the INIT_LIST_HEAD(&data->links); will Oops. The callers aren't really prepared for NULL returns so it doesn't make a lot of difference in real life. Fixes: 5240d9f95d ("libceph: replace message data pointer with list") Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
2017-07-17 11:13:35 +03:00 · 2017-07-17 11:13:35 +03:00 · 7c40b22f6f
commit 7c40b22f6f
parent 84583cfb97
1 changed files with 4 additions and 2 deletions
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@ -3203,8 +3203,10 @@ static struct ceph_msg_data *ceph_msg_data_create(enum ceph_msg_data_type type)
 		return NULL;

 	data = kmem_cache_zalloc(ceph_msg_data_cache, GFP_NOFS);
-	if (data)
-		data->type = type;
+	if (!data)
+		return NULL;
+
+	data->type = type;
 	INIT_LIST_HEAD(&data->links);

 	return data;