evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

diag: Add NULL pointer checks

Browse source 
Currently, there is a possibility of NULL pointer dereference
while accessing diag master table. The patch adds proper check
for null pointer while iterating over the list.

CRs-Fixed: 2077525
Change-Id: I51075b7a7f3acce0cb27822ad1acd8a5894cdaa9
Signed-off-by: Hardik Arya <harya@codeaurora.org>
This commit is contained in:
Hardik Arya 2017-07-18 13:38:26 +05:30
parent 502914e130
commit eb54351e06
1 changed files with 17 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
drivers/char/diag/diagchar_core.c
View file

@ -701,6 +701,11 @@ static void diag_cmd_invalidate_polling(int change_flag)
driver->polling_reg_flag = 0;
list_for_each_safe(start, temp, &driver->cmd_reg_list) {
item = list_entry(start, struct diag_cmd_reg_t, link);
if (&item->entry == NULL) {
pr_err("diag: In %s, unable to search command\n",
__func__);
return;
}
polling = diag_cmd_chk_polling(&item->entry);
if (polling == DIAG_CMD_POLLING) {
driver->polling_reg_flag = 1;
@ -842,6 +847,12 @@ void diag_cmd_remove_reg_by_pid(int pid)
mutex_lock(&driver->cmd_reg_mutex);
list_for_each_safe(start, temp, &driver->cmd_reg_list) {
item = list_entry(start, struct diag_cmd_reg_t, link);
if (&item->entry == NULL) {
pr_err("diag: In %s, unable to search command\n",
__func__);
mutex_unlock(&driver->cmd_reg_mutex);
return;
}
if (item->pid == pid) {
list_del(&item->link);
kfree(item);
@ -860,6 +871,12 @@ void diag_cmd_remove_reg_by_proc(int proc)
mutex_lock(&driver->cmd_reg_mutex);
list_for_each_safe(start, temp, &driver->cmd_reg_list) {
item = list_entry(start, struct diag_cmd_reg_t, link);
if (&item->entry == NULL) {
pr_err("diag: In %s, unable to search command\n",
__func__);
mutex_unlock(&driver->cmd_reg_mutex);
return;
}
if (item->proc == proc) {
list_del(&item->link);
kfree(item);