This is a note to let you know that I've just added the patch titled nl80211: Handle nla_memdup failures in handle_nan_filter to the 5.10-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: nl80211-handle-nla_memdup-failures-in-handle_nan_fil.patch and it can be found in the queue-5.10 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit fc83ff94648b6eb3eeb0a2e9b391bb43b9155d58 Author: Jiasheng Jiang <jiasheng@xxxxxxxxxxx> Date: Tue Mar 1 18:00:20 2022 +0800 nl80211: Handle nla_memdup failures in handle_nan_filter [ Upstream commit 6ad27f522cb3b210476daf63ce6ddb6568c0508b ] As there's potential for failure of the nla_memdup(), check the return value. Fixes: a442b761b24b ("cfg80211: add add_nan_func / del_nan_func") Signed-off-by: Jiasheng Jiang <jiasheng@xxxxxxxxxxx> Link: https://lore.kernel.org/r/20220301100020.3801187-1-jiasheng@xxxxxxxxxxx Signed-off-by: Johannes Berg <johannes.berg@xxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 8fb0478888fb..07bd7b00b56d 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -12930,6 +12930,9 @@ static int handle_nan_filter(struct nlattr *attr_filter, i = 0; nla_for_each_nested(attr, attr_filter, rem) { filter[i].filter = nla_memdup(attr, GFP_KERNEL); + if (!filter[i].filter) + goto err; + filter[i].len = nla_len(attr); i++; } @@ -12942,6 +12945,15 @@ static int handle_nan_filter(struct nlattr *attr_filter, } return 0; + +err: + i = 0; + nla_for_each_nested(attr, attr_filter, rem) { + kfree(filter[i].filter); + i++; + } + kfree(filter); + return -ENOMEM; } static int nl80211_nan_add_func(struct sk_buff *skb,