[for-4.9.y,09/14] nl80211: fix null-ptr dereference on invalid mesh configuration

Message ID 1535487205-26280-10-git-send-email-amit.pundir@linaro.org
State New
Headers show
Series
  • Few upstream fixes from OnePlus6's kernel tree
Related show

Commit Message

Amit Pundir Aug. 28, 2018, 8:13 p.m.
From: Johannes Berg <johannes.berg@intel.com>


commit 265698d7e6132a2d41471135534f4f36ad15b09c upstream.

If TX rates are specified during mesh join, the channel must
also be specified. Check the channel pointer to avoid a null
pointer dereference if it isn't.

Reported-by: Jouni Malinen <j@w1.fi>
Fixes: 8564e38206de ("cfg80211: add checks for beacon rate, extend to mesh")
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Signed-off-by: Amit Pundir <amit.pundir@linaro.org>

---
 net/wireless/nl80211.c | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.7.4

Patch

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 5b75468b5acd..d8002be808f2 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -9480,6 +9480,9 @@  static int nl80211_join_mesh(struct sk_buff *skb, struct genl_info *info)
 		if (err)
 			return err;
 
+		if (!setup.chandef.chan)
+			return -EINVAL;
+
 		err = validate_beacon_tx_rate(rdev, setup.chandef.chan->band,
 					      &setup.beacon_rate);
 		if (err)