[PATCH] nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done

From: Krzysztof Kozlowski
Date: Thu Dec 09 2021 - 03:13:13 EST

Next message: Thomas Gleixner: "Re: [x86/signal] 3aac3ebea0: will-it-scale.per_thread_ops -11.9% regression"
Previous message: Like Xu: "Re: [PATCH v2 2/6] KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH] nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The done() netlink callback nfc_genl_dump_ses_done() should check if
received argument is non-NULL, because its allocation could fail earlier
in dumpit() (nfc_genl_dump_ses()).

Fixes: ac22ac466a65 ("NFC: Add a GET_SE netlink API")
Cc: <stable@xxxxxxxxxxxxxxx>
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxxxxx>
---
net/nfc/netlink.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 334f63c9529e..5c706ed75b33 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -1392,8 +1392,10 @@ static int nfc_genl_dump_ses_done(struct netlink_callback *cb)
{
struct class_dev_iter *iter = (struct class_dev_iter *) cb->args[0];

- nfc_device_iter_exit(iter);
- kfree(iter);
+ if (iter) {
+ nfc_device_iter_exit(iter);
+ kfree(iter);
+ }

return 0;
}
--
2.32.0

Next message: Thomas Gleixner: "Re: [x86/signal] 3aac3ebea0: will-it-scale.per_thread_ops -11.9% regression"
Previous message: Like Xu: "Re: [PATCH v2 2/6] KVM: x86/pmu: Refactoring find_arch_event() to pmc_perf_hw_id()"
Next in thread: patchwork-bot+netdevbpf: "Re: [PATCH] nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]