dpll: sanitize possible null pointer dereference in dpll_pin_parent_p…

…in_set() User may not pass DPLL_A_PIN_STATE attribute in the pin set operation message. Sanitize that by checking if the attr pointer is not null and process the passed state attribute value only in that case. Reported-by: Xingyuan Mo <[email protected]> Fixes: 9d71b54 ("dpll: netlink: Add DPLL framework base functions") Signed-off-by: Jiri Pirko <[email protected]> Acked-by: Vadim Fedorenko <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Jakub Kicinski <[email protected]>
torvalds · Dec 13, 2023 · 65c95f7 · 65c95f7
1 parent 154bb2f
commit 65c95f7
Showing 1 changed file with 8 additions and 5 deletions.
diff --git a/drivers/dpll/dpll_netlink.c b/drivers/dpll/dpll_netlink.c
@@ -925,7 +925,6 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
  struct netlink_ext_ack *extack)
 {
  struct nlattr *tb[DPLL_A_PIN_MAX + 1];
- enum dpll_pin_state state;
  u32 ppin_idx;
  int ret;
 
@@ -936,10 +935,14 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
  return -EINVAL;
  }
  ppin_idx = nla_get_u32(tb[DPLL_A_PIN_PARENT_ID]);
- state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
- ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
- if (ret)
- return ret;
+
+ if (tb[DPLL_A_PIN_STATE]) {
+ enum dpll_pin_state state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
+
+ ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
+ if (ret)
+ return ret;
+ }
 
  return 0;
 }