summaryrefslogtreecommitdiff
path: root/drivers/scsi/gdth.c
diff options
context:
space:
mode:
authorSven Schnelle <svens@bitebene.org>2008-03-11 00:50:04 +0300
committerJames Bottomley <James.Bottomley@HansenPartnership.com>2008-03-15 04:31:18 +0300
commit1b96f8955aaeeb05f7fb7ff548aa12415fbf3904 (patch)
tree2106548e1e383f1d8b9e4ade34a232a0469253d0 /drivers/scsi/gdth.c
parent4d3995b14ba7abcdd475d17b8751db55d8a95b9e (diff)
downloadlinux-1b96f8955aaeeb05f7fb7ff548aa12415fbf3904.tar.xz
[SCSI] gdth: Allocate sense_buffer to prevent NULL pointer dereference
Fix NULL pointer dereference during execution of Internal commands, where gdth only allocates scp, but not scp->sense_buffer. The rest of the code assumes that sense_buffer is allocated, which leads to a kernel oops e.g. on reboot (during cache flush). Signed-off-by: Sven Schnelle <svens@stackframe.org> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Diffstat (limited to 'drivers/scsi/gdth.c')
-rw-r--r--drivers/scsi/gdth.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/drivers/scsi/gdth.c b/drivers/scsi/gdth.c
index 27ebd336409b..0b2080d33575 100644
--- a/drivers/scsi/gdth.c
+++ b/drivers/scsi/gdth.c
@@ -493,6 +493,12 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
if (!scp)
return -ENOMEM;
+ scp->sense_buffer = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_KERNEL);
+ if (!scp->sense_buffer) {
+ kfree(scp);
+ return -ENOMEM;
+ }
+
scp->device = sdev;
memset(&cmndinfo, 0, sizeof(cmndinfo));
@@ -513,6 +519,7 @@ int __gdth_execute(struct scsi_device *sdev, gdth_cmd_str *gdtcmd, char *cmnd,
rval = cmndinfo.status;
if (info)
*info = cmndinfo.info;
+ kfree(scp->sense_buffer);
kfree(scp);
return rval;
}