| From fa6872117b9f6d769b1d7cd5c6abcafa58614f1d Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Fri, 21 Aug 2020 12:52:15 +0200 |
| Subject: mt76: fix a possible NULL pointer dereference in mt76_testmode_dump |
| |
| From: Lorenzo Bianconi <lorenzo@kernel.org> |
| |
| [ Upstream commit ce8463a726a5669b200a1c2c17f95bc1394cc6bf ] |
| |
| Fix a possible NULL pointer dereference in mt76_testmode_dump() since |
| nla_nest_start returns NULL in case of error |
| |
| Fixes: f0efa8621550e ("mt76: add API for testmode support") |
| Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org> |
| Signed-off-by: Felix Fietkau <nbd@nbd.name> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| drivers/net/wireless/mediatek/mt76/testmode.c | 8 ++++++-- |
| 1 file changed, 6 insertions(+), 2 deletions(-) |
| |
| diff --git a/drivers/net/wireless/mediatek/mt76/testmode.c b/drivers/net/wireless/mediatek/mt76/testmode.c |
| index 75bb02cdfdae4..5bd6ac1ba3b5b 100644 |
| --- a/drivers/net/wireless/mediatek/mt76/testmode.c |
| +++ b/drivers/net/wireless/mediatek/mt76/testmode.c |
| @@ -442,9 +442,13 @@ int mt76_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *msg, |
| mutex_lock(&dev->mutex); |
| |
| if (tb[MT76_TM_ATTR_STATS]) { |
| + err = -EINVAL; |
| + |
| a = nla_nest_start(msg, MT76_TM_ATTR_STATS); |
| - err = mt76_testmode_dump_stats(dev, msg); |
| - nla_nest_end(msg, a); |
| + if (a) { |
| + err = mt76_testmode_dump_stats(dev, msg); |
| + nla_nest_end(msg, a); |
| + } |
| |
| goto out; |
| } |
| -- |
| 2.25.1 |
| |
