korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-24 04:34:08 +08:00
Code Issues Packages Projects Releases Wiki Activity

dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set()

Browse Source 
User may not pass DPLL_A_PIN_STATE attribute in the pin set operation
message. Sanitize that by checking if the attr pointer is not null
and process the passed state attribute value only in that case.

Reported-by: Xingyuan Mo <hdthky0@gmail.com>
Fixes: 9d71b54b65 ("dpll: netlink: Add DPLL framework base functions")
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Acked-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Link: https://lore.kernel.org/r/20231211083758.1082853-1-jiri@resnulli.us
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
This commit is contained in:
Jiri Pirko 2023-12-11 09:37:58 +01:00 committed by Jakub Kicinski
parent 154bb2fa48
commit 65c95f7891
1 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
drivers/dpll/dpll_netlink.c
View File

@ -925,7 +925,6 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
struct netlink_ext_ack *extack)
{
struct nlattr *tb[DPLL_A_PIN_MAX + 1];
enum dpll_pin_state state;
u32 ppin_idx;
int ret;
@ -936,10 +935,14 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
return -EINVAL;
}
ppin_idx = nla_get_u32(tb[DPLL_A_PIN_PARENT_ID]);
state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
if (ret)
return ret;
if (tb[DPLL_A_PIN_STATE]) {
enum dpll_pin_state state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
if (ret)
return ret;
}
return 0;
}