From: hartkopp <hartkopp@030b6a49-0b11-0410-94ab-b0dab22257f2>
Date: Wed, 20 Apr 2011 12:02:58 +0000 (+0000)
Subject: can: add missing socket check in {raw|bcm|isotp}_release functions
X-Git-Url: https://rtime.felk.cvut.cz/gitweb/socketcan-devel.git/commitdiff_plain/d66fad2088d546518979e0ed22da412b75a564ce

can: add missing socket check in {raw|bcm|isotp}_release functions

We can get here with a NULL socket argument passed from userspace,
so we need to handle it accordingly.

Thanks to Dave Jones pointing at this issue in net/can/bcm.c

Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>



git-svn-id: svn://svn.berlios.de//socketcan/trunk@1240 030b6a49-0b11-0410-94ab-b0dab22257f2
---

diff --git a/kernel/2.6/net/can/bcm.c b/kernel/2.6/net/can/bcm.c
index 6250c71..e552e88 100644
--- a/kernel/2.6/net/can/bcm.c
+++ b/kernel/2.6/net/can/bcm.c
@@ -1557,9 +1557,14 @@ static int bcm_init(struct sock *sk)
 static int bcm_release(struct socket *sock)
 {
 	struct sock *sk = sock->sk;
-	struct bcm_sock *bo = bcm_sk(sk);
+	struct bcm_sock *bo;
 	struct bcm_op *op, *next;
 
+	if (sk == NULL)
+		return 0;
+
+	bo = bcm_sk(sk);
+
 	/* remove bcm_ops, timer, rx_unregister(), etc. */
 
 	unregister_netdevice_notifier(&bo->notifier);
diff --git a/kernel/2.6/net/can/isotp.c b/kernel/2.6/net/can/isotp.c
index 21477e2..d6df442 100644
--- a/kernel/2.6/net/can/isotp.c
+++ b/kernel/2.6/net/can/isotp.c
@@ -795,7 +795,12 @@ static int isotp_recvmsg(struct kiocb *iocb, struct socket *sock,
 static int isotp_release(struct socket *sock)
 {
 	struct sock *sk = sock->sk;
-	struct isotp_sock *so = isotp_sk(sk);
+	struct isotp_sock *so;
+
+	if (!sk)
+		return 0;
+
+	so = isotp_sk(sk);
 
 	/* wait for complete transmission of current pdu */
 	wait_event_interruptible(so->wait, so->tx.state == ISOTP_IDLE);
diff --git a/kernel/2.6/net/can/raw.c b/kernel/2.6/net/can/raw.c
index 5ab46ce..c85607b 100644
--- a/kernel/2.6/net/can/raw.c
+++ b/kernel/2.6/net/can/raw.c
@@ -333,7 +333,12 @@ static int raw_init(struct sock *sk)
 static int raw_release(struct socket *sock)
 {
 	struct sock *sk = sock->sk;
-	struct raw_sock *ro = raw_sk(sk);
+	struct raw_sock *ro;
+
+	if (!sk)
+		return 0;
+
+	ro = raw_sk(sk);
 
 	unregister_netdevice_notifier(&ro->notifier);