nfc: fix potential NULL pointer deref in nfc_genl_dump_ses_done

krzk · kuba-moo · commit 4cd8371a234d · 2021-12-09T07:50:32.000-08:00
The done() netlink callback nfc_genl_dump_ses_done() should check if received argument is non-NULL, because its allocation could fail earlier in dumpit() (nfc_genl_dump_ses()). Fixes: ac22ac4 ("NFC: Add a GET_SE netlink API") Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Link: https://lore.kernel.org/r/20211209081307.57337-1-krzysztof.kozlowski@canonical.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
@@ -1394,8 +1394,10 @@ static int nfc_genl_dump_ses_done(struct netlink_callback *cb)
 {
 	struct class_dev_iter *iter = (struct class_dev_iter *) cb->args[0];
 
-	nfc_device_iter_exit(iter);
-	kfree(iter);
+	if (iter) {
+		nfc_device_iter_exit(iter);
+		kfree(iter);
+	}
 
 	return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -1394,8 +1394,10 @@ static int nfc_genl_dump_ses_done(struct netlink_callback *cb)`
`1394`	`1394`	`{`
`1395`	`1395`	`struct class_dev_iter iter = (struct class_dev_iter ) cb->args[0];`
`1396`	`1396`
`1397`		`- nfc_device_iter_exit(iter);`
`1398`		`- kfree(iter);`
	`1397`	`+ if (iter) {`
	`1398`	`+ nfc_device_iter_exit(iter);`
	`1399`	`+ kfree(iter);`
	`1400`	`+ }`
`1399`	`1401`
`1400`	`1402`	`return 0;`
`1401`	`1403`	`}`