net: ieee802154: fix nl802154 del llsec key

This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com Signed-off-by: Alexander Aring <aahringo@redhat.com> Link: https://lore.kernel.org/r/20210221174321.14210-1-aahringo@redhat.comSigned-off-by: Stefan Schmidt <stefan@datenfreihafen.org>

net: ieee802154: fix nl802154 del llsec key
This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com Signed-off-by: Alexander Aring <aahringo@redhat.com> Link: https://lore.kernel.org/r/20210221174321.14210-1-aahringo@redhat.comSigned-off-by: Stefan Schmidt <stefan@datenfreihafen.org>
37feaaf5 · Alexander Aring · Stefan Schmidt · cdd38c5f · 37feaaf5
Commit 37feaaf5 authored Feb 21, 2021 by Alexander Aring Committed by Stefan Schmidt Feb 24, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 1 deletion

net/ieee802154/nl802154.c net/ieee802154/nl802154.c +2 -1

No files found.
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1592,7 +1592,8 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
 	struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
 	struct ieee802154_llsec_key_id id;

-	if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
+	if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
+	    nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
 		return -EINVAL;

 	if (ieee802154_llsec_parse_key_id(attrs[NL802154_KEY_ATTR_ID], &id) < 0)