[PATCH 4.9 36/47] net: ieee802154: fix nl802154 del llsec dev
From: Greg Kroah-Hartman
Date: Thu Apr 15 2021 - 10:56:37 EST
From: Alexander Aring <aahringo@xxxxxxxxxx>
commit 3d1eac2f45585690d942cf47fd7fbd04093ebd1b upstream.
This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVICE is
not set by the user. If this is the case nl802154 will return -EINVAL.
Reported-by: syzbot+d946223c2e751d136c94@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Alexander Aring <aahringo@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20210221174321.14210-2-aahringo@xxxxxxxxxx
Signed-off-by: Stefan Schmidt <stefan@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/ieee802154/nl802154.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1796,7 +1796,8 @@ static int nl802154_del_llsec_dev(struct
struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
__le64 extended_addr;
- if (nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX,
+ if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
+ nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX,
info->attrs[NL802154_ATTR_SEC_DEVICE],
nl802154_dev_policy))
return -EINVAL;