Commit 65c95f78 authored by Jiri Pirko's avatar Jiri Pirko Committed by Jakub Kicinski

dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set()

User may not pass DPLL_A_PIN_STATE attribute in the pin set operation
message. Sanitize that by checking if the attr pointer is not null
and process the passed state attribute value only in that case.
Reported-by: default avatarXingyuan Mo <hdthky0@gmail.com>
Fixes: 9d71b54b ("dpll: netlink: Add DPLL framework base functions")
Signed-off-by: default avatarJiri Pirko <jiri@nvidia.com>
Acked-by: default avatarVadim Fedorenko <vadim.fedorenko@linux.dev>
Link: https://lore.kernel.org/r/20231211083758.1082853-1-jiri@resnulli.usSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 154bb2fa
...@@ -925,7 +925,6 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest, ...@@ -925,7 +925,6 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
struct netlink_ext_ack *extack) struct netlink_ext_ack *extack)
{ {
struct nlattr *tb[DPLL_A_PIN_MAX + 1]; struct nlattr *tb[DPLL_A_PIN_MAX + 1];
enum dpll_pin_state state;
u32 ppin_idx; u32 ppin_idx;
int ret; int ret;
...@@ -936,10 +935,14 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest, ...@@ -936,10 +935,14 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
return -EINVAL; return -EINVAL;
} }
ppin_idx = nla_get_u32(tb[DPLL_A_PIN_PARENT_ID]); ppin_idx = nla_get_u32(tb[DPLL_A_PIN_PARENT_ID]);
state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack); if (tb[DPLL_A_PIN_STATE]) {
if (ret) enum dpll_pin_state state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
return ret;
ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
if (ret)
return ret;
}
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment