This is a 2.4 backport of a linux-2.6 change by Cyrill Gorcunov.
(commit 9ac71d00398674aaec664f30559f0a21d963862f)
CVE-2007-6694 was assigned for this issue.
This backport has been compile-tested only.
Commit log from 2.6 follows.
This fixes a possible NULL pointer dereference inside of strncmp() if
of_get_property() fails.
Signed-off-by: dann frazier <[EMAIL PROTECTED]>
diff --git a/arch/ppc/platforms/chrp_setup.c b/arch/ppc/platforms/chrp_setup.c
index 0ffbbd2..28747db 100644
--- a/arch/ppc/platforms/chrp_setup.c
+++ b/arch/ppc/platforms/chrp_setup.c
@@ -121,7 +121,7 @@ chrp_show_cpuinfo(struct seq_file *m)
seq_printf(m, "machine\t\t: CHRP %s\n", model);
/* longtrail (goldengate) stuff */
- if (!strncmp(model, "IBM,LongTrail", 13)) {
+ if (model && !strncmp(model, "IBM,LongTrail", 13)) {
/* VLSI VAS96011/12 `Golden Gate 2' */
/* Memory banks */
sdramen = (in_le32((unsigned *)(gg2_pci_config_base+
@@ -210,14 +210,20 @@ static void __init sio_fixup_irq(const char *name, u8
device, u8 level,
static void __init sio_init(void)
{
struct device_node *root;
+ const char *model;
- if ((root = find_path_device("/")) &&
- !strncmp(get_property(root, "model", NULL), "IBM,LongTrail", 13)) {
+ root = find_path_device("/");
+ if (!root)
+ return;
+
+ model = get_property(root, "model", NULL);
+ if (model && !strncmp(model, "IBM,LongTrail", 13)) {
/* logical device 0 (KBC/Keyboard) */
sio_fixup_irq("keyboard", 0, 1, 2);
/* select logical device 1 (KBC/Mouse) */
sio_fixup_irq("mouse", 1, 12, 2);
}
+
}
--
1.5.4
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
