Commit 4052d3d2 authored by Julian Squires's avatar Julian Squires Committed by Johannes Berg

cfg80211: check vendor command doit pointer before use

In the case where a vendor command does not implement doit, and has no
flags set, doit would not be validated and a NULL pointer dereference
would occur, for example when invoking the vendor command via iw.

I encountered this while developing new vendor commands.  Perhaps in
practice it is advisable to always implement doit along with dumpit,
but it seems reasonable to me to always check doit anyway, not just
when NEED_WDEV.
Signed-off-by: default avatarJulian Squires <julian@cipht.net>
Link: https://lore.kernel.org/r/20200706211353.2366470-1-julian@cipht.netSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
parent 5e43540c
...@@ -13266,13 +13266,13 @@ static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info) ...@@ -13266,13 +13266,13 @@ static int nl80211_vendor_cmd(struct sk_buff *skb, struct genl_info *info)
if (!wdev_running(wdev)) if (!wdev_running(wdev))
return -ENETDOWN; return -ENETDOWN;
} }
if (!vcmd->doit)
return -EOPNOTSUPP;
} else { } else {
wdev = NULL; wdev = NULL;
} }
if (!vcmd->doit)
return -EOPNOTSUPP;
if (info->attrs[NL80211_ATTR_VENDOR_DATA]) { if (info->attrs[NL80211_ATTR_VENDOR_DATA]) {
data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]); data = nla_data(info->attrs[NL80211_ATTR_VENDOR_DATA]);
len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]); len = nla_len(info->attrs[NL80211_ATTR_VENDOR_DATA]);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment