From: Vegard Nossum <vegard.nos...@oracle.com> Date: Fri, 12 Aug 2016 10:29:13 +0200
> If iriap_register_lsap() fails to allocate memory, self->lsap is > set to NULL. However, none of the callers handle the failure and > irlmp_connect_request() will happily dereference it: ... > The bug seems to have been around since forever. > > There's more problems with missing error checks in iriap_init() (and > indeed all of irda_init()), but that's a bigger problem that needs > very careful review and testing. This patch will fix the most serious > bug (as it's easily reached from unprivileged userspace). > > I have tested my patch with a reproducer. > > Signed-off-by: Vegard Nossum <vegard.nos...@oracle.com> Applied.
