| Message ID | 20230307090546.994258-1-dzm91@hust.edu.cn (mailing list archive) |
|---|---|
| State | Rejected |
| Headers | show |
| Series | [v2] net: ieee802154: fix a null pointer in nl802154_trigger_scan | expand |
Hi Dongliang, dzm91@hust.edu.cn wrote on Tue, 7 Mar 2023 17:05:46 +0800: > There is a null pointer dereference if NL802154_ATTR_SCAN_TYPE is > not set by the user. > > Fix this by adding a null pointer check. > > Reported-and-tested-by: syzbot+bd85b31816913a32e473@syzkaller.appspotmail.com Still wrong :) > Fixes: a0b6106672b5 ("ieee802154: Convert scan error messages to extack") > Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn> > --- > v1->v2: add fixes tag > net/ieee802154/nl802154.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c > index 2215f576ee37..1cf00cffd63f 100644 > --- a/net/ieee802154/nl802154.c > +++ b/net/ieee802154/nl802154.c > @@ -1412,7 +1412,8 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info) > return -EOPNOTSUPP; > } > > - if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { > + if (!info->attrs[NL802154_ATTR_SCAN_TYPE] || Already handled :) > + !nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { Also handled! > NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type"); > return -EINVAL; > } Thanks, Miquèl
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c index 2215f576ee37..1cf00cffd63f 100644 --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1412,7 +1412,8 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info) return -EOPNOTSUPP; } - if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { + if (!info->attrs[NL802154_ATTR_SCAN_TYPE] || + !nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type"); return -EINVAL; }
There is a null pointer dereference if NL802154_ATTR_SCAN_TYPE is not set by the user. Fix this by adding a null pointer check. Reported-and-tested-by: syzbot+bd85b31816913a32e473@syzkaller.appspotmail.com Fixes: a0b6106672b5 ("ieee802154: Convert scan error messages to extack") Signed-off-by: Dongliang Mu <dzm91@hust.edu.cn> --- v1->v2: add fixes tag net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)