From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-bl2nam02on0139.outbound.protection.outlook.com ([104.47.38.139]:53867 "EHLO NAM02-BL2-obe.outbound.protection.outlook.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1753254AbeBCSDq (ORCPT ); Sat, 3 Feb 2018 13:03:46 -0500 From: Sasha Levin To: "linux-kernel@vger.kernel.org" , "stable@vger.kernel.org" CC: Hao Chen , Johannes Berg , Sasha Levin Subject: [PATCH AUTOSEL for 4.14 087/110] nl80211: Check for the required netlink attribute presence Date: Sat, 3 Feb 2018 18:01:24 +0000 Message-ID: <20180203180015.29073-87-alexander.levin@microsoft.com> References: <20180203180015.29073-1-alexander.levin@microsoft.com> In-Reply-To: <20180203180015.29073-1-alexander.levin@microsoft.com> Content-Language: en-US Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 Sender: stable-owner@vger.kernel.org List-ID: From: Hao Chen [ Upstream commit 3ea15452ee85754f70f3b9fa1f23165ef2e77ba7 ] nl80211_nan_add_func() does not check if the required attribute NL80211_NAN_FUNC_FOLLOW_UP_DEST is present when processing NL80211_CMD_ADD_NAN_FUNCTION request. This request can be issued by users with CAP_NET_ADMIN privilege and may result in NULL dereference and a system crash. Add a check for the required attribute presence. Signed-off-by: Hao Chen Signed-off-by: Johannes Berg Signed-off-by: Sasha Levin --- net/wireless/nl80211.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index d396cb61a280..93837c1b49eb 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -11298,7 +11298,8 @@ static int nl80211_nan_add_func(struct sk_buff *skb= , break; case NL80211_NAN_FUNC_FOLLOW_UP: if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] || - !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) { + !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] || + !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) { err =3D -EINVAL; goto out; } --=20 2.11.0