summaryrefslogtreecommitdiff
path: root/drivers/net/wireless/mac80211_hwsim.c
diff options
context:
space:
mode:
authorJia-Ju Bai <baijiaju1990@gmail.com>2019-07-29 11:23:32 +0300
committerJohannes Berg <johannes.berg@intel.com>2019-07-29 17:20:34 +0300
commitb55f3b841099e641bdb2701d361a4c304e2dbd6f (patch)
tree0d6ddf7fb0db9a3a9b1a8ad435d08aae0a6557aa /drivers/net/wireless/mac80211_hwsim.c
parent05aaa5c97dce4c10a9e7eae2f1569a684e0c5ced (diff)
downloadlinux-b55f3b841099e641bdb2701d361a4c304e2dbd6f.tar.xz
mac80211_hwsim: Fix possible null-pointer dereferences in hwsim_dump_radio_nl()
In hwsim_dump_radio_nl(), when genlmsg_put() on line 3617 fails, hdr is assigned to NULL. Then hdr is used on lines 3622 and 3623: genl_dump_check_consistent(cb, hdr); genlmsg_end(skb, hdr); Thus, possible null-pointer dereferences may occur. To fix these bugs, hdr is used here when it is not NULL. This bug is found by a static analysis tool STCheck written by us. Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Link: https://lore.kernel.org/r/20190729082332.28895-1-baijiaju1990@gmail.com [put braces on all branches] Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Diffstat (limited to 'drivers/net/wireless/mac80211_hwsim.c')
-rw-r--r--drivers/net/wireless/mac80211_hwsim.c8
1 files changed, 5 insertions, 3 deletions
diff --git a/drivers/net/wireless/mac80211_hwsim.c b/drivers/net/wireless/mac80211_hwsim.c
index 519b4ee88c5c..772e54f0696f 100644
--- a/drivers/net/wireless/mac80211_hwsim.c
+++ b/drivers/net/wireless/mac80211_hwsim.c
@@ -3617,10 +3617,12 @@ static int hwsim_dump_radio_nl(struct sk_buff *skb,
hdr = genlmsg_put(skb, NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq, &hwsim_genl_family,
NLM_F_MULTI, HWSIM_CMD_GET_RADIO);
- if (!hdr)
+ if (hdr) {
+ genl_dump_check_consistent(cb, hdr);
+ genlmsg_end(skb, hdr);
+ } else {
res = -EMSGSIZE;
- genl_dump_check_consistent(cb, hdr);
- genlmsg_end(skb, hdr);
+ }
}
done:
generated by cgit v1.2.3 (git 2.39.0) at 2024-12-12 18:53:13 +0300