Re: [PATCH] net: ieee802154: fix a null pointer in nl802154_trigger_scan

Denis Kirjanov <dkirjanov@xxxxxxx> · Tue, 7 Mar 2023 11:43:46 +0300



On 3/7/23 10:30, Dongliang Mu wrote:
> There is a null pointer dereference if NL802154_ATTR_SCAN_TYPE is
> not set by the user.
> 
> Fix this by adding a null pointer check.
> 
> Reported-and-tested-by: syzbot+bd85b31816913a32e473@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Dongliang Mu <dzm91@xxxxxxxxxxx>

Please add a Fixes: tag 

> ---
>  net/ieee802154/nl802154.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 2215f576ee37..1cf00cffd63f 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1412,7 +1412,8 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info)
>  		return -EOPNOTSUPP;
>  	}
>  
> -	if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) {
> +	if (!info->attrs[NL802154_ATTR_SCAN_TYPE] ||
> +	    !nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) {
>  		NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type");
>  		return -EINVAL;
>  	}