[PATCH] WIFI: handle a neglected case in nl80211_new_interface()

[PATCH] WIFI: handle a neglected case in nl80211_new_interface()

[Chao Bi]

In nl80211_new_interface(), it calls rdev_add_virtual_intf() to create
a new interface, however, it only checks whether returned value is err
code, but doesn't check if returned value is NULL. The returned value
could be NULL, for example, memory allocation failed when creating a
new interface.

when get a NULL returned value,  nl80211_new_interface() is expected to
return but it actually runs down to access the NULL pointer, this could
lead to a panic.

Signed-off-by: Chao Bi <chao.bi@intel.com>
---
 net/wireless/nl80211.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index a1eb210..27feeaf 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -2512,7 +2512,7 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info)
 	wdev = rdev_add_virtual_intf(rdev,
 				nla_data(info->attrs[NL80211_ATTR_IFNAME]),
 				type, err ? NULL : &flags, &params);
-	if (IS_ERR(wdev)) {
+	if (!wdev || IS_ERR(wdev)) {
 		nlmsg_free(msg);
 		return PTR_ERR(wdev);
 	}
-- 
1.7.9.5

Re: [PATCH] WIFI: handle a neglected case in nl80211_new_interface()

[Chao Bi]

On Wed, 2013-11-27 at 20:43 +0530, Ujjal Roy wrote:
> Hi,
> 
> 
> We can use IS_ERR_OR_NULL(wdev) to check NULL as well as error value.
> 
> Thanks,
> UjjaL
> 
> On Wed, Nov 27, 2013 at 8:30 AM, Chao Bi <chao.bi@intel.com> wrote:
>         In nl80211_new_interface(), it calls rdev_add_virtual_intf() to create
>         a new interface, however, it only checks whether returned value is err
>         code, but doesn't check if returned value is NULL. The returned 

Thanks Ujjal. I'll update it.

Re: [PATCH] WIFI: handle a neglected case in nl80211_new_interface()

[Chao Bi]

On Thu, 2013-11-28 at 11:53 +0800, Chao Bi wrote:
> On Wed, 2013-11-27 at 20:43 +0530, Ujjal Roy wrote:
> > Hi,
> > 
> > 
> > We can use IS_ERR_OR_NULL(wdev) to check NULL as well as error value.
> > 
> > Thanks,
> > UjjaL
> > 
> > On Wed, Nov 27, 2013 at 8:30 AM, Chao Bi <chao.bi-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> wrote:
> >         In nl80211_new_interface(), it calls rdev_add_virtual_intf() to create
> >         a new interface, however, it only checks whether returned value is err
> >         code, but doesn't check if returned value is NULL. The returned 
> 
> Thanks Ujjal. I'll update it.
> 
Hi all,
This patch is not valid, I further check the nl80211 API introduce,
don't need to handle this NULL return value because it bans NULL
feedback of add_virtual_intf() API in cfg80211.h.

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html