rfkill: Fix incorrect check to avoid NULL pointer dereference

[ Upstream commit 6fc232db9e8cd50b9b83534de9cd91ace711b2d7 ]

In rfkill_register, the struct rfkill pointer is first derefernced
and then checked for NULL. This patch removes the BUG_ON and returns
an error to the caller in case rfkill is NULL.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Link: https://lore.kernel.org/r/20191215153409.21696-1-pakki001@umn.edu
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 99a2e55b01cf33dca866ee9b83677f1aed421534..e31b4288f32ce84c0ff4a16c6c6f35105e773c53 100644 (file)
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -998,10 +998,13 @@ static void rfkill_sync_work(struct work_struct *work)
 int __must_check rfkill_register(struct rfkill *rfkill)
 {
        static unsigned long rfkill_no;
-       struct device *dev = &rfkill->dev;
+       struct device *dev;
        int error;
 
-       BUG_ON(!rfkill);
+       if (!rfkill)
+               return -EINVAL;
+
+       dev = &rfkill->dev;
 
        mutex_lock(&rfkill_global_mutex);