| User: | Jiri Slaby |
| Error type: | Invalid Pointer Dereference |
| Error type description: | A pointer which is invalid is being dereferenced |
| File location: | net/sctp/socket.c |
| Line in file: | 1772 |
| Project: | Linux Kernel |
| Project version: | 2.6.28 |
| Tools: |
Smatch
(1.59)
|
| Entered: | 2013-09-10 20:24:52 UTC |
1742 /* If an address is passed with the sendto/sendmsg call, it is used 1743 * to override the primary destination address in the TCP model, or 1744 * when SCTP_ADDR_OVER flag is set in the UDP model. 1745 */ 1746 if ((sctp_style(sk, TCP) && msg_name) || 1747 (sinfo_flags & SCTP_ADDR_OVER)) { 1748 chunk_tp = sctp_assoc_lookup_paddr(asoc, &to); 1749 if (!chunk_tp) { 1750 err = -EINVAL; 1751 goto out_free; 1752 } 1753 } else 1754 chunk_tp = NULL; 1755 1756 /* Auto-connect, if we aren't connected already. */ 1757 if (sctp_state(asoc, CLOSED)) { 1758 err = sctp_primitive_ASSOCIATE(asoc, NULL); 1759 if (err < 0) 1760 goto out_free; 1761 SCTP_DEBUG_PRINTK("We associated primitively.\n"); 1762 } 1763 1764 /* Break the message into multiple chunks of maximum size. */ 1765 datamsg = sctp_datamsg_from_user(asoc, sinfo, msg, msg_len); 1766 if (!datamsg) { 1767 err = -ENOMEM; 1768 goto out_free; 1769 } 1770 1771 /* Now send the (possibly) fragmented message. */ 1772 list_for_each_entry(chunk, &datamsg->chunks, frag_list) { 1773 sctp_chunk_hold(chunk); 1774 1775 /* Do accounting for the write space. */ 1776 sctp_set_owner_w(chunk); 1777 1778 chunk->transport = chunk_tp; 1779 1780 /* Send it to the lower layers. Note: all chunks 1781 * must either fail or succeed. The lower layer 1782 * works that way today. Keep it that way or this