isdn: guard against a potential NULL pointer dereference in old_capi_manufacturer()

In drivers/isdn/capi/kcapi.c::old_capi_manufacturer(), if the call to
get_capi_ctr_by_nr(ldef.contr); in line 823 returns NULL, then we'll be
dereferencing a NULL pointer in the very next line.

(Found by Coverity checker as bug #402)

Signed-off-by: Jesper Juhl <[email protected]>
Acked-by: Karsten Keil <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>

diff --git a/drivers/isdn/capi/kcapi.c b/drivers/isdn/capi/kcapi.c
index 9f73bc2727c29f8d8fe393b9fbd8faa37af2218a..f55531869313f2422705c79910568982dd476a2e 100644 (file)
--- a/drivers/isdn/capi/kcapi.c
+++ b/drivers/isdn/capi/kcapi.c
@@ -821,6 +821,8 @@ static int old_capi_manufacturer(unsigned int cmd, void __user *data)
                                return -EFAULT;
                }
                card = get_capi_ctr_by_nr(ldef.contr);
+               if (!card)
+                       return -EINVAL;
                card = capi_ctr_get(card);
                if (!card)
                        return -ESRCH;