Function chtls_close_conn() defined in drivers/crypto/chelsio/chtls/chtls_cm.c calls alloc_skb() to allocate memory for struct sk_buff which is dereferenced immediately. As alloc_skb() may return NULL on failure, this code piece may cause NULL pointer dereference bug. --- drivers/crypto/chelsio/chtls/chtls_cm.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/drivers/crypto/chelsio/chtls/chtls_cm.c b/drivers/crypto/chelsio/chtls/chtls_cm.c index 0997e16..0e8eec6 100644 --- a/drivers/crypto/chelsio/chtls/chtls_cm.c +++ b/drivers/crypto/chelsio/chtls/chtls_cm.c @@ -267,6 +267,8 @@ static void chtls_close_conn(struct sock *sk) tid = csk->tid; skb = alloc_skb(len, GFP_KERNEL | __GFP_NOFAIL); + if (!skb) + return -ENOMEM; req = (struct cpl_close_con_req *)__skb_put(skb, len); memset(req, 0, len); req->wr.wr_hi = htonl(FW_WR_OP_V(FW_TP_WR) | -- 2.6.4