[PATCH] wifi: nl80211: don't free NULL coalescing rule
From: Johannes Berg <johannes.berg@intel.com> mainline inclusion from mainline-v6.9-rc6 commit 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9U96L CVE: CVE-2024-36941 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... ---------------------------------------------------- If the parsing fails, we can dereference a NULL pointer here. Cc: stable@vger.kernel.org Fixes: be29b99a9b51 ("cfg80211/nl80211: Add packet coalesce support") Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com> Link: https://msgid.link/20240418105220.b328f80406e7.Id75d961050deb05b3e4e354e0248... Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Zhang Zekun <zhangzekun11@huawei.com> --- net/wireless/nl80211.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index 674a0d54aff8..43dfc2fbcf35 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -12646,6 +12646,8 @@ static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info) error: for (i = 0; i < new_coalesce.n_rules; i++) { tmp_rule = &new_coalesce.rules[i]; + if (!tmp_rule) + continue; for (j = 0; j < tmp_rule->n_patterns; j++) kfree(tmp_rule->patterns[j].mask); kfree(tmp_rule->patterns); -- 2.17.1
participants (1)
-
Zhang Zekun