[PATCH] nl80211: Check for the required netlink attribute presence

[PATCH] nl80211: Check for the required netlink attribute presence

[Hao Chen]

nl80211_nan_add_func() does not check if the required attribute
NL80211_NAN_FUNC_FOLLOW_UP_DEST is present when processing
NL80211_CMD_ADD_NAN_FUNCTION request. This request can be issued
by users with CAP_NET_ADMIN privilege and may result in NULL dereference
and a system crash. Add a check for the required attribute presence.

Signed-off-by: Hao Chen <flank3rsky@gmail.com>
---
 net/wireless/nl80211.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 213d0c4..2b3dbcd 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -11361,7 +11361,8 @@ static int nl80211_nan_add_func(struct sk_buff *skb,
 		break;
 	case NL80211_NAN_FUNC_FOLLOW_UP:
 		if (!tb[NL80211_NAN_FUNC_FOLLOW_UP_ID] ||
-		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID]) {
+		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_REQ_ID] ||
+		    !tb[NL80211_NAN_FUNC_FOLLOW_UP_DEST]) {
 			err = -EINVAL;
 			goto out;
 		}
-- 
1.9.1

Re: [PATCH] nl80211: Check for the required netlink attribute presence

[Johannes Berg]

On Wed, 2018-01-03 at 11:00 +0800, Hao Chen wrote:
> nl80211_nan_add_func() does not check if the required attribute
> NL80211_NAN_FUNC_FOLLOW_UP_DEST is present when processing
> NL80211_CMD_ADD_NAN_FUNCTION request. This request can be issued
> by users with CAP_NET_ADMIN privilege and may result in NULL dereference
> and a system crash. Add a check for the required attribute presence.

Applied, thanks.

johannes