| From 9b14188279ec0ec1d226589e5e1c59e317176245 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Tue, 1 Mar 2022 18:00:20 +0800 |
| Subject: nl80211: Handle nla_memdup failures in handle_nan_filter |
| |
| From: Jiasheng Jiang <jiasheng@iscas.ac.cn> |
| |
| [ Upstream commit 6ad27f522cb3b210476daf63ce6ddb6568c0508b ] |
| |
| As there's potential for failure of the nla_memdup(), |
| check the return value. |
| |
| Fixes: a442b761b24b ("cfg80211: add add_nan_func / del_nan_func") |
| Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> |
| Link: https://lore.kernel.org/r/20220301100020.3801187-1-jiasheng@iscas.ac.cn |
| Signed-off-by: Johannes Berg <johannes.berg@intel.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| net/wireless/nl80211.c | 12 ++++++++++++ |
| 1 file changed, 12 insertions(+) |
| |
| diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c |
| index 7633d6a74bc2..f2bc465de284 100644 |
| --- a/net/wireless/nl80211.c |
| +++ b/net/wireless/nl80211.c |
| @@ -12320,6 +12320,9 @@ static int handle_nan_filter(struct nlattr *attr_filter, |
| i = 0; |
| nla_for_each_nested(attr, attr_filter, rem) { |
| filter[i].filter = nla_memdup(attr, GFP_KERNEL); |
| + if (!filter[i].filter) |
| + goto err; |
| + |
| filter[i].len = nla_len(attr); |
| i++; |
| } |
| @@ -12332,6 +12335,15 @@ static int handle_nan_filter(struct nlattr *attr_filter, |
| } |
| |
| return 0; |
| + |
| +err: |
| + i = 0; |
| + nla_for_each_nested(attr, attr_filter, rem) { |
| + kfree(filter[i].filter); |
| + i++; |
| + } |
| + kfree(filter); |
| + return -ENOMEM; |
| } |
| |
| static int nl80211_nan_add_func(struct sk_buff *skb, |
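Review bot: The `err:` cleanup re-walks every nested attribute and calls `kfree(filter[i].filter)` on slots after the one whose `nla_memdup()` failed, so it is only correct if `filter` was allocated zero-filled. That allocation sits above the first hunk and is not visible here, so it should be confirmed to use a zeroing allocator such as `kcalloc`. At the `goto`, `i` already holds the number of successful duplications, so the unwind can free just those with `while (i--) kfree(filter[i].filter);` followed by `kfree(filter);`. This removes the dependence on zero-initialisation and on walking the netlink attribute a second time. The body of handle_nan_filter begins outside both hunks, so the type of `i` and the allocation call are inferred rather than seen.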
| -- |
| 2.34.1 |
| |