projects / GitHub / LineageOS / G12 / android_kernel_amlogic_linux-4.9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8beeebc)
net: ieee802154: fix nl802154 del llsec key
authorAlexander Aring <aahringo@redhat.com>
Sun, 21 Feb 2021 17:43:18 +0000 (12:43 -0500)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 16 Apr 2021 09:59:10 +0000 (11:59 +0200)
commit 37feaaf5ceb2245e474369312bb7b922ce7bce69 upstream.

This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is
not set by the user. If this is the case nl802154 will return -EINVAL.

Reported-by: syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
Link: https://lore.kernel.org/r/20210221174321.14210-1-aahringo@redhat.com
Signed-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/ieee802154/nl802154.c patch | blob | blame | history

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index d90a4ed5b8a037e1dacef4cac0c44b158efabbb8..71280f009bc763c6f44ec42e4344c8458c50838d 100644 (file)
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1627,7 +1627,8 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
        struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
        struct ieee802154_llsec_key_id id;
 
-       if (nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX,
+       if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
+           nla_parse_nested(attrs, NL802154_KEY_ATTR_MAX,
                             info->attrs[NL802154_ATTR_SEC_KEY],
                             nl802154_key_policy))
                return -EINVAL;