Commit 65c95f78 authored Dec 11, 2023 by Jiri Pirko Committed by Jakub Kicinski Dec 12, 2023

dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set()



User may not pass DPLL_A_PIN_STATE attribute in the pin set operation
message. Sanitize that by checking if the attr pointer is not null
and process the passed state attribute value only in that case.

Reported-by: Xingyuan Mo <hdthky0@gmail.com>
Fixes: 9d71b54b ("dpll: netlink: Add DPLL framework base functions")
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Acked-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Link: https://lore.kernel.org/r/20231211083758.1082853-1-jiri@resnulli.us


Signed-off-by: Jakub Kicinski <kuba@kernel.org>

parent 154bb2fa

drivers/dpll/dpll_netlink.c

+8 −5

Original line number	Diff line number	Diff line
		@@ -925,7 +925,6 @@ dpll_pin_parent_pin_set(struct dpll_pin pin, struct nlattr parent_nest,
		struct netlink_ext_ack *extack)
		{
		struct nlattr *tb[DPLL_A_PIN_MAX + 1];
		enum dpll_pin_state state;
		u32 ppin_idx;
		int ret;

		@@ -936,10 +935,14 @@ dpll_pin_parent_pin_set(struct dpll_pin pin, struct nlattr parent_nest,
		return -EINVAL;
		}
		ppin_idx = nla_get_u32(tb[DPLL_A_PIN_PARENT_ID]);
		state = nla_get_u32(tb[DPLL_A_PIN_STATE]);

		if (tb[DPLL_A_PIN_STATE]) {
		enum dpll_pin_state state = nla_get_u32(tb[DPLL_A_PIN_STATE]);

		ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
		if (ret)
		return ret;
		}

		return 0;
		}