nl80211: Handle nla_memdup failures in handle_nan_filter

As there's potential for failure of the nla_memdup(), check the return value. Fixes: a442b761 ("cfg80211: add add_nan_func / del_nan_func") Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Link: https://lore.kernel.org/r/20220301100020.3801187-1-jiasheng@iscas.ac.cnSigned-off-by: Johannes Berg <johannes.berg@intel.com>

nl80211: Handle nla_memdup failures in handle_nan_filter
As there's potential for failure of the nla_memdup(), check the return value. Fixes: a442b761 ("cfg80211: add add_nan_func / del_nan_func") Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Link: https://lore.kernel.org/r/20220301100020.3801187-1-jiasheng@iscas.ac.cnSigned-off-by: Johannes Berg <johannes.berg@intel.com>
6ad27f52 · Jiasheng Jiang · Johannes Berg · 5a6248c0 · 6ad27f52
Commit 6ad27f52 authored Mar 01, 2022 by Jiasheng Jiang Committed by Johannes Berg Mar 01, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 12 additions and 0 deletions

net/wireless/nl80211.c net/wireless/nl80211.c +12 -0

No files found.
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -13411,6 +13411,9 @@ static int handle_nan_filter(struct nlattr *attr_filter,
 	i = 0;
 	nla_for_each_nested(attr, attr_filter, rem) {
 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
+		if (!filter[i].filter)
+			goto err;
+
 		filter[i].len = nla_len(attr);
 		i++;
 	}
@@ -13423,6 +13426,15 @@ static int handle_nan_filter(struct nlattr *attr_filter,
 	}

 	return 0;
+
+err:
+	i = 0;
+	nla_for_each_nested(attr, attr_filter, rem) {
+		kfree(filter[i].filter);
+		i++;
+	}
+	kfree(filter);
+	return -ENOMEM;
 }

 static int nl80211_nan_add_func(struct sk_buff *skb,