nl80211: Handle nla_memdup failures in handle_nan_filter

As there's potential for failure of the nla_memdup(), check the return value. Fixes: a442b761b24b ("cfg80211: add add_nan_func / del_nan_func") Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn> Link: https://lore.kernel.org/r/20220301100020.3801187-1-jiasheng@iscas.ac.cn Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Jiasheng Jiang <jiasheng@iscas.ac.cn> 2022-03-01 18:00:20 +0800
committer: Johannes Berg <johannes.berg@intel.com> 2022-03-01 11:15:08 +0100
commit: 6ad27f522cb3b210476daf63ce6ddb6568c0508b (patch)
tree: 2228a67af8007299f1bd419844cd9d3edab51813
parent: 5a6248c0a22352f09ea041665d3bd3e18f6f872c (diff)
download: linux-6ad27f522cb3b210476daf63ce6ddb6568c0508b.tar.gz
1 files changed, 12 insertions, 0 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 578bff9c378bc5..b1909ce2b73913 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -13411,6 +13411,9 @@ static int handle_nan_filter(struct nlattr *attr_filter,
 	i = 0;
 	nla_for_each_nested(attr, attr_filter, rem) {
 		filter[i].filter = nla_memdup(attr, GFP_KERNEL);
+		if (!filter[i].filter)
+			goto err;
+
 		filter[i].len = nla_len(attr);
 		i++;
 	}
@@ -13423,6 +13426,15 @@ static int handle_nan_filter(struct nlattr *attr_filter,
 	}
 
 	return 0;
+
+err:
+	i = 0;
+	nla_for_each_nested(attr, attr_filter, rem) {
+		kfree(filter[i].filter);
+		i++;
+	}
+	kfree(filter);
+	return -ENOMEM;
 }
 
 static int nl80211_nan_add_func(struct sk_buff *skb,
author	Jiasheng Jiang <jiasheng@iscas.ac.cn>	2022-03-01 18:00:20 +0800
committer	Johannes Berg <johannes.berg@intel.com>	2022-03-01 11:15:08 +0100
commit	6ad27f522cb3b210476daf63ce6ddb6568c0508b (patch)
tree	2228a67af8007299f1bd419844cd9d3edab51813
parent	5a6248c0a22352f09ea041665d3bd3e18f6f872c (diff)
download	linux-6ad27f522cb3b210476daf63ce6ddb6568c0508b.tar.gz