]>
Commit | Line | Data |
---|---|---|
a9c34747 SL |
1 | From 615514d8ccafc099b0437e7730c6bf6770fab580 Mon Sep 17 00:00:00 2001 |
2 | From: Sasha Levin <sashal@kernel.org> | |
3 | Date: Mon, 6 Jul 2020 17:13:53 -0400 | |
4 | Subject: cfg80211: check vendor command doit pointer before use | |
5 | ||
6 | From: Julian Squires <julian@cipht.net> | |
7 | ||
8 | [ Upstream commit 4052d3d2e8f47a15053320bbcbe365d15610437d ] | |
9 | ||
10 | In the case where a vendor command does not implement doit, and has no | |
11 | flags set, doit would not be validated and a NULL pointer dereference | |
12 | would occur, for example when invoking the vendor command via iw. | |
13 | ||
14 | I encountered this while developing new vendor commands. Perhaps in | |
15 | practice it is advisable to always implement doit along with dumpit, | |
16 | but it seems reasonable to me to always check doit anyway, not just | |
17 | when NEED_WDEV. | |
18 | ||
19 | Signed-off-by: Julian Squires <julian@cipht.net> | |
20 | Link: https://lore.kernel.org/r/20200706211353.2366470-1-julian@cipht.net | |
21 | Signed-off-by: Johannes Berg <johannes.berg@intel.com> | |
22 | Signed-off-by: Sasha Levin <sashal@kernel.org> | |
23 | --- | |
24 | net/wireless/nl80211.c | 6 +++--- | |
25 | 1 file changed, 3 insertions(+), 3 deletions(-) | |
26 | ||
27 | diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c | |
28 | index d0b75781e6f7a..9be7ee322093b 100644 | |
29 | --- a/net/wireless/nl80211.c | |
30 | +++ b/net/wireless/nl80211.c | |
31 | @@ -11859,13 +11859,13 @@ static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info) | |
32 | if (!wdev_running(wdev)) | |
33 | return -ENETDOWN; | |
34 | } | |
35 | - | |
36 | - if (!vcmd->doit) | |
37 | - return -EOPNOTSUPP; | |
38 | } else { | |
39 | wdev = NULL; | |
40 | } | |
41 | ||
42 | + if (!vcmd->doit) | |
43 | + return -EOPNOTSUPP; | |
44 | + | |
45 | if (info->attrs[NL80211_ATTR_VENDOR_DATA]) { | |
46 | data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]); | |
47 | len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]); | |
48 | -- | |
49 | 2.25.1 | |
50 |