net/ncsi: check for null return from call to nla_nest_start

The call to nla_nest_start calls nla_put which can lead to a NULL return so it's possible for attr to become NULL and we can potentially get a NULL pointer dereference on attr. Fix this by checking for a NULL return. Detected by CoverityScan, CID#1466125 ("Dereference null return") Fixes: 955dc68c ("net/ncsi: Add generic netlink family") Signed-off-by: N Colin Ian King <colin.king@canonical.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

net/ncsi: check for null return from call to nla_nest_start
The call to nla_nest_start calls nla_put which can lead to a NULL return so it's possible for attr to become NULL and we can potentially get a NULL pointer dereference on attr. Fix this by checking for a NULL return. Detected by CoverityScan, CID#1466125 ("Dereference null return") Fixes: 955dc68c ("net/ncsi: Add generic netlink family") Signed-off-by: N Colin Ian King <colin.king@canonical.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
8daf1a2d · Colin Ian King · David S. Miller · 53066538 · 8daf1a2d
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

net/ncsi/ncsi-netlink.c net/ncsi/ncsi-netlink.c +4 -0

未找到文件。
--- a/net/ncsi/ncsi-netlink.c
+++ b/net/ncsi/ncsi-netlink.c
@@ -190,6 +190,10 @@ static int ncsi_pkg_info_nl(struct sk_buff *msg, struct genl_info *info)
 	package_id = nla_get_u32(info->attrs[NCSI_ATTR_PACKAGE_ID]);

 	attr = nla_nest_start(skb, NCSI_ATTR_PACKAGE_LIST);
+	if (!attr) {
+		kfree_skb(skb);
+		return -EMSGSIZE;
+	}
 	rc = ncsi_write_package_info(skb, ndp, package_id);

 	if (rc) {