Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 71fe5361 authored by Arun Kumar Neelakantam's avatar Arun Kumar Neelakantam Committed by Gerrit - the friendly Code Review server
Browse files

net: ipc_router: fix NULL pointer de-reference issue 



Fail cases of accept() system call on AF_MSM_IPC socket family causes
NULL pointer de-reference of sock structure variable in release operation.

Validate the sock structure pointer before using it in release operation.

CRs-Fixed: 1068888
Change-Id: I5637e52be59ea9504ea6ae317394bef0c28c7865
Signed-off-by: default avatarArun Kumar Neelakantam <aneela@codeaurora.org>
parent 6e3dd4c6

net/ipc_router/ipc_router_socket.c

+9 −1
Original line number Diff line number Diff line
@@ -555,10 +555,18 @@ static unsigned int msm_ipc_router_poll(struct file *file, 
static int msm_ipc_router_close(struct socket *sock)

{

	struct sock *sk = sock->sk;

	struct msm_ipc_port *port_ptr = msm_ipc_sk_port(sk);

	struct msm_ipc_port *port_ptr;

	int ret;



	if (!sk)

		return -EINVAL;



	lock_sock(sk);

	port_ptr = msm_ipc_sk_port(sk);

	if (!port_ptr) {

		release_sock(sk);

		return -EINVAL;

	}

	ret = msm_ipc_router_close_port(port_ptr);

	msm_ipc_unload_default_node(msm_ipc_sk(sk)->default_node_vote_info);

	release_sock(sk);