Hi Dongliang,
dzm91@xxxxxxxxxxx wrote on Tue, 7 Mar 2023 17:05:46 +0800:
> There is a null pointer dereference if NL802154_ATTR_SCAN_TYPE is
> not set by the user.
>
> Fix this by adding a null pointer check.
>
> Reported-and-tested-by: syzbot+bd85b31816913a32e473@xxxxxxxxxxxxxxxxxxxxxxxxx
Still wrong :)
> Fixes: a0b6106672b5 ("ieee802154: Convert scan error messages to extack")
> Signed-off-by: Dongliang Mu <dzm91@xxxxxxxxxxx>
> ---
> v1->v2: add fixes tag
> net/ieee802154/nl802154.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 2215f576ee37..1cf00cffd63f 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1412,7 +1412,8 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info)
> return -EOPNOTSUPP;
> }
>
> - if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) {
> + if (!info->attrs[NL802154_ATTR_SCAN_TYPE] ||
Already handled :)
> + !nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) {
Also handled!
> NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type");
> return -EINVAL;
> }
Thanks,
Miquèl
