pkt_sched: fix missing check for packet overrun in qdisc_dump_stab()

nla_nest_start() might return NULL, causing a NULL pointer dereference.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index b16ad29..6ab4a2f 100644 (file)
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -417,6 +417,8 @@ static int qdisc_dump_stab(struct sk_buff *skb, struct qdisc_size_table *stab)
        struct nlattr *nest;
 
        nest = nla_nest_start(skb, TCA_STAB);
+       if (nest == NULL)
+               goto nla_put_failure;
        NLA_PUT(skb, TCA_STAB_BASE, sizeof(stab->szopts), &stab->szopts);
        nla_nest_end(skb, nest);