[OPENPROMIO]: Handle current_node being NULL correctly.

If the user tries to traverse to the next node of the last node, we get NULL in current_node and a zero phandle returned. That's fine, but if the user tries to obtain properties in that state, we try to dereference a NULL pointer in the downcall to the of_*() routines. So protect against that. Signed-off-by: David S. Miller <davem@davemloft.net>
git-mirror · Sep 18, 2006 · b9b64e6 · b9b64e6
1 parent 803db24
commit b9b64e6
Showing 1 changed file with 10 additions and 3 deletions.
diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c
@@ -145,8 +145,9 @@ static int opromgetprop(void __user *argp, struct device_node *dp, struct openpr
 	void *pval;
 	int len;
 
-	pval = of_get_property(dp, op->oprom_array, &len);
-	if (!pval || len <= 0 || len > bufsize)
+	if (!dp ||
+	    !(pval = of_get_property(dp, op->oprom_array, &len)) ||
+	    len <= 0 || len > bufsize)
 		return copyout(argp, op, sizeof(int));
 
 	memcpy(op->oprom_array, pval, len);
@@ -161,6 +162,8 @@ static int opromnxtprop(void __user *argp, struct device_node *dp, struct openpr
 	struct property *prop;
 	int len;
 
+	if (!dp)
+		return copyout(argp, op, sizeof(int));
 	if (op->oprom_array[0] == '\0') {
 		prop = dp->properties;
 		if (!prop)
@@ -266,9 +269,13 @@ static int oprompci2node(void __user *argp, struct device_node *dp, struct openp
 
 static int oprompath2node(void __user *argp, struct device_node *dp, struct openpromio *op, int bufsize, DATA *data)
 {
+	phandle ph = 0;
+
 	dp = of_find_node_by_path(op->oprom_array);
+	if (dp)
+		ph = dp->node;
 	data->current_node = dp;
-	*((int *)op->oprom_array) = dp->node;
+	*((int *)op->oprom_array) = ph;
 	op->oprom_size = sizeof(int);
 
 	return copyout(argp, op, bufsize + sizeof(int));