On 3/7/23 10:30, Dongliang Mu wrote: > There is a null pointer dereference if NL802154_ATTR_SCAN_TYPE is > not set by the user. > > Fix this by adding a null pointer check. > > Reported-and-tested-by: syzbot+bd85b31816913a32e473@xxxxxxxxxxxxxxxxxxxxxxxxx > Signed-off-by: Dongliang Mu <dzm91@xxxxxxxxxxx> Please add a Fixes: tag > --- > net/ieee802154/nl802154.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c > index 2215f576ee37..1cf00cffd63f 100644 > --- a/net/ieee802154/nl802154.c > +++ b/net/ieee802154/nl802154.c > @@ -1412,7 +1412,8 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info) > return -EOPNOTSUPP; > } > > - if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { > + if (!info->attrs[NL802154_ATTR_SCAN_TYPE] || > + !nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) { > NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type"); > return -EINVAL; > }
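Review bot: In the new two-part condition in nl802154_trigger_scan(), the single extack string "Malformed request, missing scan type" is now returned both when NL802154_ATTR_SCAN_TYPE is absent and when it is present with the value 0, so user space cannot tell a missing attribute from a rejected value. The NULL test is ordered before nla_get_u8(), so the short-circuit does prevent the dereference. Consider splitting the two cases or rewording the message so it also covers an invalid value. The commit message should also carry the Fixes: tag requested in the reply, so the fix can be matched to the commit that introduced the unchecked nla_get_u8() call.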