[PATCH 1/2] iw: mesh: fix crash when attempting to print the conf param "mesh_nolearn"

From: Gokul Sivakumar <gokulkumar792@gmail.com>
To: Johannes Berg <johannes@sipsolutions.net>
Cc: Gokul Sivakumar <gokulkumar792@gmail.com>,
	linux-wireless@vger.kernel.org
Subject: [PATCH 1/2] iw: mesh: fix crash when attempting to print the conf param "mesh_nolearn"
Date: Thu,  5 Aug 2021 21:08:06 +0530	[thread overview]
Message-ID: <20210805153807.645106-1-gokulkumar792@gmail.com> (raw)

Even if iw did not receive some of the meshconf attributes in response to
NL80211_CMD_GET_MESH_PARAMS, it tries to print that param and gets crashed.
Fix this by adding a condition check before trying to access each of the
mesh conf params.

$ iw dev mesh0 get mesh_param mesh_nolearn
Segmentation fault (core dumped)

 (gdb) bt
 #0  0x00007f21f54660e9 in nla_get_u8 () from /lib/x86_64-linux-gnu/libnl-3.so.200
 #1  0x0000562ba2f5d70d in _print_u8 (a=<optimized out>) at mesh.c:131
 #2  0x0000562ba2f5d7ce in print_mesh_param_handler (msg=<optimized out>,
     arg=0x562ba2f85758 <_mesh_param_descrs+1080>) at mesh.c:412
 #3  0x00007f21f546db9c in nl_recvmsgs_report () from /lib/x86_64-linux-gnu/libnl-3.so.200
 #4  0x00007f21f546e059 in nl_recvmsgs () from /lib/x86_64-linux-gnu/libnl-3.so.200
 #5  0x0000562ba2f5bb3b in __handle_cmd (state=0x7ffe677bc510, idby=II_NETDEV, argc=<optimized out>,
     argv=<optimized out>, cmdout=0x7ffe677bc508) at iw.c:541
 #6  0x0000562ba2f4fe0c in __handle_cmd (cmdout=0x7ffe677bc508, argv=0x7ffe677bc658, argc=4, idby=II_NETDEV,
     state=0x7ffe677bc510) at iw.c:613
 #7  main (argc=4, argv=0x7ffe677bc658) at iw.c:613
 (gdb) up 2
 #2  0x0000562ba2f5d7ce in print_mesh_param_handler (msg=<optimized out>,
     arg=0x562ba2f85758 <_mesh_param_descrs+1080>) at mesh.c:412
 412             mdescr->nla_print_fn(mesh_params[mdescr->mesh_param_num]);
 (gdb) i local
 mdescr = 0x562ba2f85758 <_mesh_param_descrs+1080>
 attrs = {0x0 <repeats 35 times>, 0x562ba4002a14, 0x0 <repeats 266 times>}
 parent_attr = <optimized out>
 mesh_params = {0x0, 0x562ba4002a20, 0x562ba4002a28, 0x562ba4002a30, 0x562ba4002a38, 0x562ba4002a40,
   0x562ba4002a48, 0x562ba4002a58, 0x562ba4002a68, 0x562ba4002a70, 0x562ba4002a78, 0x562ba4002a80,
   0x562ba4002a88, 0x562ba4002a98, 0x562ba4002aa0, 0x562ba4002a50, 0x562ba4002aa8, 0x562ba4002ab0,
   0x562ba4002a90, 0x562ba4002ab8, 0x562ba4002ac0, 0x562ba4002a60, 0x562ba4002ac8, 0x562ba4002ad0,
   0x562ba4002ad8, 0x562ba4002ae0, 0x562ba4002ae8, 0x562ba4002af0, 0x562ba4002af8, 0x562ba4002b00, 0x0, 0x0}
 gnlh = 0x562ba4002a10
 (gdb)
 (gdb) p mesh_params[30]
 $7 = (struct nlattr *) 0x0
 (gdb)

Signed-off-by: Gokul Sivakumar <gokulkumar792@gmail.com>
---
 mesh.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/mesh.c b/mesh.c
index 23b3471..3797335 100644
--- a/mesh.c
+++ b/mesh.c
@@ -401,16 +401,20 @@ static int print_mesh_param_handler(struct nl_msg *msg, void *arg)
 
 		for (i = 0; i < ARRAY_SIZE(_mesh_param_descrs); i++) {
 			mdescr = &_mesh_param_descrs[i];
-			printf("%s = ", mdescr->name);
-			mdescr->nla_print_fn(mesh_params[mdescr->mesh_param_num]);
-			printf("\n");
+			if (mesh_params[mdescr->mesh_param_num]) {
+				printf("%s = ", mdescr->name);
+				mdescr->nla_print_fn(mesh_params[mdescr->mesh_param_num]);
+				printf("\n");
+			}
 		}
 		return NL_SKIP;
 	}
 
 	/* print out the mesh parameter */
-	mdescr->nla_print_fn(mesh_params[mdescr->mesh_param_num]);
-	printf("\n");
+	if (mesh_params[mdescr->mesh_param_num]) {
+		mdescr->nla_print_fn(mesh_params[mdescr->mesh_param_num]);
+		printf("\n");
+	}
 	return NL_SKIP;
 }
 
-- 
2.25.1

