From: Alexander Aring <aahri...@redhat.com> commit 3d1eac2f45585690d942cf47fd7fbd04093ebd1b upstream.
This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVICE is not set by the user. If this is the case nl802154 will return -EINVAL. Reported-by: syzbot+d946223c2e751d136...@syzkaller.appspotmail.com Signed-off-by: Alexander Aring <aahri...@redhat.com> Link: https://lore.kernel.org/r/20210221174321.14210-2-aahri...@redhat.com Signed-off-by: Stefan Schmidt <ste...@datenfreihafen.org> Signed-off-by: Greg Kroah-Hartman <gre...@linuxfoundation.org> --- net/ieee802154/nl802154.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/ieee802154/nl802154.c +++ b/net/ieee802154/nl802154.c @@ -1781,7 +1781,8 @@ static int nl802154_del_llsec_dev(struct struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1]; __le64 extended_addr; - if (nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX, + if (!info->attrs[NL802154_ATTR_SEC_DEVICE] || + nla_parse_nested(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack)) return -EINVAL;
