| From 31715fd79c9ed129665b3e455516d0f8fb5390af Mon Sep 17 00:00:00 2001 |
| From: Aditya Pakki <pakki001@umn.edu> |
| Date: Sun, 15 Dec 2019 09:34:08 -0600 |
| Subject: [PATCH] rfkill: Fix incorrect check to avoid NULL pointer dereference |
| |
| commit 6fc232db9e8cd50b9b83534de9cd91ace711b2d7 upstream. |
| |
| In rfkill_register, the struct rfkill pointer is first derefernced |
| and then checked for NULL. This patch removes the BUG_ON and returns |
| an error to the caller in case rfkill is NULL. |
| |
| Signed-off-by: Aditya Pakki <pakki001@umn.edu> |
| Link: https://lore.kernel.org/r/20191215153409.21696-1-pakki001@umn.edu |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/net/rfkill/core.c b/net/rfkill/core.c |
| index f9b08a6d8dbe..d1a955c79219 100644 |
| --- a/net/rfkill/core.c |
| +++ b/net/rfkill/core.c |
| @@ -1002,10 +1002,13 @@ static void rfkill_sync_work(struct work_struct *work) |
| int __must_check rfkill_register(struct rfkill *rfkill) |
| { |
| static unsigned long rfkill_no; |
| - struct device *dev = &rfkill->dev; |
| + struct device *dev; |
| int error; |
| |
| - BUG_ON(!rfkill); |
| + if (!rfkill) |
| + return -EINVAL; |
| + |
| + dev = &rfkill->dev; |
| |
| mutex_lock(&rfkill_global_mutex); |
| |
| -- |
| 2.7.4 |
| |