From patchwork Wed Nov 27 03:00:54 2013 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Chao Bi X-Patchwork-Id: 294472 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 5FB552C00A7 for ; Wed, 27 Nov 2013 13:31:41 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1758785Ab3K0CbY (ORCPT ); Tue, 26 Nov 2013 21:31:24 -0500 Received: from mga02.intel.com ([134.134.136.20]:27961 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754146Ab3K0CbV (ORCPT ); Tue, 26 Nov 2013 21:31:21 -0500 Received: from orsmga002.jf.intel.com ([10.7.209.21]) by orsmga101.jf.intel.com with ESMTP; 26 Nov 2013 18:31:21 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="4.93,779,1378882800"; d="scan'208";a="442761177" Received: from bichao.sh.intel.com (HELO [10.239.67.167]) ([10.239.67.167]) by orsmga002.jf.intel.com with ESMTP; 26 Nov 2013 18:31:16 -0800 Subject: [PATCH] WIFI: handle a neglected case in nl80211_new_interface() From: Chao Bi To: Johannes Berg , "John W. Linville" , "David S. Miller" Cc: linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-wireless@vger.kernel.org Date: Wed, 27 Nov 2013 11:00:54 +0800 Message-ID: <1385521254.23222.8.camel@bichao> Mime-Version: 1.0 X-Mailer: Evolution 2.30.3 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org In nl80211_new_interface(), it calls rdev_add_virtual_intf() to create a new interface, however, it only checks whether returned value is err code, but doesn't check if returned value is NULL. The returned value could be NULL, for example, memory allocation failed when creating a new interface. when get a NULL returned value, nl80211_new_interface() is expected to return but it actually runs down to access the NULL pointer, this could lead to a panic. Signed-off-by: Chao Bi --- net/wireless/nl80211.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index a1eb210..27feeaf 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c @@ -2512,7 +2512,7 @@ static int nl80211_new_interface(struct sk_buff *skb, struct genl_info *info) wdev = rdev_add_virtual_intf(rdev, nla_data(info->attrs[NL80211_ATTR_IFNAME]), type, err ? NULL : &flags, ¶ms); - if (IS_ERR(wdev)) { + if (!wdev || IS_ERR(wdev)) { nlmsg_free(msg); return PTR_ERR(wdev); }