netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* ip_frag_reasm() can return uninitialized variable
@ 2007-10-18 10:52 Adrian Bunk
  2007-10-18 11:47 ` David Miller
  0 siblings, 1 reply; 2+ messages in thread
From: Adrian Bunk @ 2007-10-18 10:52 UTC (permalink / raw)
  To: Herbert Xu; +Cc: netdev, linux-kernel

Since commit 1706d58763c36133d7fce6cc78b1444fd40db28c ip_frag_reasm() 
can return the value of an uninitialized variable:

<--  snip  -->

...
static int ip_frag_reasm(struct ipq *qp, struct sk_buff *prev,
                         struct net_device *dev)
{
        struct iphdr *iph;
        struct sk_buff *fp, *head = qp->q.fragments;
        int len;
        int ihlen;
        int err;

        ipq_kill(qp);

        /* Make the one we just received the head. */
        if (prev) {
                head = prev->next;
                fp = skb_clone(head, GFP_ATOMIC);

                if (!fp)
                        goto out_nomem;
...
out_nomem:
        LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
                              "queue %p\n", qp);
        goto out_fail;
...
out_fail:
        IP_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
        return err;
}
...

<--  snip  -->

Spotted by the Coverity checker.

cu
Adrian

-- 

       "Is there not promise of rain?" Ling Tan asked suddenly out
        of the darkness. There had been need of rain for many days.
       "Only a promise," Lao Er said.
                                       Pearl S. Buck - Dragon Seed


^ permalink raw reply	[flat|nested] 2+ messages in thread
* Re: ip_frag_reasm() can return uninitialized variable
  2007-10-18 10:52 ip_frag_reasm() can return uninitialized variable Adrian Bunk
@ 2007-10-18 11:47 ` David Miller
  0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2007-10-18 11:47 UTC (permalink / raw)
  To: bunk; +Cc: herbert, netdev, linux-kernel

From: Adrian Bunk <bunk@kernel.org>
Date: Thu, 18 Oct 2007 12:52:03 +0200

> Since commit 1706d58763c36133d7fce6cc78b1444fd40db28c ip_frag_reasm() 
> can return the value of an uninitialized variable:

I have a fix for this in my net-2.6 tree, thanks Adrian.

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2007-10-18 11:47 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-10-18 10:52 ip_frag_reasm() can return uninitialized variable Adrian Bunk
2007-10-18 11:47 ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).