From a723f99244edfa7e9c9cfc61130570584128ccf4 Mon Sep 17 00:00:00 2001
From: Tobias Klauser <tklauser@distanz.ch>
Date: Sun, 12 May 2013 12:28:45 +0200
Subject: dissector: ip_ipv6_mobility_hdr: NULL check before dereference

Check return value of pkt_pull before dereferencing it. This was
discovered by the coverity scanner.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
---
 proto_ipv6_mobility_hdr.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/proto_ipv6_mobility_hdr.c b/proto_ipv6_mobility_hdr.c
index 549d4f0..57e587f 100644
--- a/proto_ipv6_mobility_hdr.c
+++ b/proto_ipv6_mobility_hdr.c
@@ -164,9 +164,11 @@ static void dissect_mobilityhdr_type_6(struct pkt_buff *pkt,
 	struct bind_ack_msg *type_6;
 
 	type_6 = (struct bind_ack_msg *) pkt_pull(pkt, sizeof(*type_6));
+	if (type_6 == NULL)
+		return;
+
 	*message_data_len -= sizeof(*type_6);
-	if (type_6 == NULL || *message_data_len > pkt_len(pkt) ||
-	    *message_data_len < 0)
+	if (*message_data_len > pkt_len(pkt) || *message_data_len < 0)
 		return;
 
 	tprintf("Status (0x%x) ", type_6->status);
@@ -185,10 +187,12 @@ static void dissect_mobilityhdr_type_7(struct pkt_buff *pkt,
 	struct bind_err_msg *type_7;
 
 	type_7 = (struct bind_err_msg *) pkt_pull(pkt, sizeof(*type_7));
+	if (type_7 == NULL)
+		return;
+
 	*message_data_len -= sizeof(*type_7);
 	addr = ntohll(type_7->home_addr);
-	if (type_7 == NULL || *message_data_len > pkt_len(pkt) ||
-	    *message_data_len < 0)
+	if (*message_data_len > pkt_len(pkt) || *message_data_len < 0)
 		return;
 
 	tprintf("Status (0x%x) ", type_7->status);
-- 
cgit v1.2.3-54-g00ecf