[09/11] wifi: cfg80211: Add null check for ie data

Message ID	20230504134511.828474-10-gregory.greenman@intel.com
State	New
Headers	show Return-Path: <linux-wireless-owner@vger.kernel.org> From: gregory.greenman@intel.com To: johannes@sipsolutions.net Cc: linux-wireless@vger.kernel.org, Mukesh Sisodiya <mukesh.sisodiya@intel.com>, Gregory Greenman <gregory.greenman@intel.com> Subject: [PATCH 09/11] wifi: cfg80211: Add null check for ie data Date: Thu, 4 May 2023 16:45:09 +0300 Message-Id: <20230504134511.828474-10-gregory.greenman@intel.com> In-Reply-To: <20230504134511.828474-1-gregory.greenman@intel.com> References: <20230504134511.828474-1-gregory.greenman@intel.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	cfg80211/mac80211 patches from our internal tree 2023-05-04 \| expand [00/11] cfg80211/mac80211 patches from our internal tree 2023-05-04 [01/11] wifi: mac80211: fix min center freq offset tracing [02/11] wifi: mac80211: simplify chanctx allocation [03/11] wifi: mac80211: consider reserved chanctx for mindef [04/11] wifi: mac80211: recalc chanctx mindef before assigning [05/11] wifi: mac80211: HW restart for MLO [06/11] wifi: mac80211: Fix elements scratch buffer allocation [07/11] wifi: mac80211_hwsim: avoid warning with MLO PS stations [08/11] wifi: mac80211: skip EHT BSS membership selector [09/11] wifi: cfg80211: Add null check for ie data [10/11] wifi: mac80211: fetch and store the EML capability information [11/11] wifi: mac80211: implement proper AP MLD HW restart

Message ID

20230504134511.828474-10-gregory.greenman@intel.com

State

New

Headers

From: gregory.greenman@intel.com
To: johannes@sipsolutions.net
Cc: linux-wireless@vger.kernel.org,
        Mukesh Sisodiya <mukesh.sisodiya@intel.com>,
        Gregory Greenman <gregory.greenman@intel.com>
Subject: [PATCH 09/11] wifi: cfg80211: Add null check for ie data
Date: Thu,  4 May 2023 16:45:09 +0300
Message-Id: <20230504134511.828474-10-gregory.greenman@intel.com>
In-Reply-To: <20230504134511.828474-1-gregory.greenman@intel.com>
References: <20230504134511.828474-1-gregory.greenman@intel.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

cfg80211/mac80211 patches from our internal tree 2023-05-04 | expand

Commit Message

Greenman, Gregory May 4, 2023, 1:45 p.m. UTC

From: Mukesh Sisodiya <mukesh.sisodiya@intel.com>

It's valid to pass NULL "ies" pointer to cfg80211_sme_get_conn_ies().
Add the corresponding NULL-check to avoid NULL pointer access.

Signed-off-by: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
Signed-off-by: Gregory Greenman <gregory.greenman@intel.com>
---
 net/wireless/sme.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Johannes Berg June 5, 2023, 11:38 a.m. UTC | #1

On Thu, 2023-05-04 at 16:45 +0300, gregory.greenman@intel.com wrote:
> From: Mukesh Sisodiya <mukesh.sisodiya@intel.com>
> 
> It's valid to pass NULL "ies" pointer to cfg80211_sme_get_conn_ies().
> Add the corresponding NULL-check to avoid NULL pointer access.

Yes ... but it's not valid to do that when ies_len is 0, since you can't
have NULL ies with a length ...

So ... maybe we can do this patch but certainly the description is
bogus. Maybe you're trying to fix some static checker warnings or
something, which maybe is fine, but there was never any chance for an
NPD.

johannes

diff --git a/net/wireless/sme.c b/net/wireless/sme.c
index 7bdeb8eea92d..77277e4bca50 100644
--- a/net/wireless/sme.c
+++ b/net/wireless/sme.c
@@ -513,7 +513,7 @@  static int cfg80211_sme_get_conn_ies(struct wireless_dev *wdev,
 	if (!buf)
 		return -ENOMEM;
 
-	if (ies_len) {
+	if (ies) {
 		static const u8 before_extcapa[] = {
 			/* not listing IEs expected to be created by driver */
 			WLAN_EID_RSN,

[09/11] wifi: cfg80211: Add null check for ie data

Commit Message

Comments

Patch