Commit ce8463a7 authored Aug 21, 2020 by Lorenzo Bianconi Committed by Felix Fietkau Sep 24, 2020

mt76: fix a possible NULL pointer dereference in mt76_testmode_dump

Fix a possible NULL pointer dereference in mt76_testmode_dump() since
nla_nest_start returns NULL in case of error

Fixes: f0efa862

 ("mt76: add API for testmode support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>

parent a081de17

drivers/net/wireless/mediatek/mt76/testmode.c

+6 −2

Original line number	Diff line number	Diff line
		@@ -442,9 +442,13 @@ int mt76_testmode_dump(struct ieee80211_hw hw, struct sk_buff msg,
		mutex_lock(&dev->mutex);

		if (tb[MT76_TM_ATTR_STATS]) {
		err = -EINVAL;

		a = nla_nest_start(msg, MT76_TM_ATTR_STATS);
		if (a) {
		err = mt76_testmode_dump_stats(dev, msg);
		nla_nest_end(msg, a);
		}

		goto out;
		}