nl80211: check nla_put_* return values
Coverity pointed out that in a few functions we don't check the return value of the nla_put_*() calls. Most of these are fairly harmless because the input isn't very dynamic and controlled by the kernel, but the pattern is simply wrong, so fix this. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg
Родитель
18db594a10
Коммит
ae917c9f55
|
|
@ -9633,8 +9633,9 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
|
||||||
nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
|
nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
|
||||||
goto nla_put_failure;
|
goto nla_put_failure;
|
||||||
|
|
||||||
if (req->flags)
|
if (req->flags &&
|
||||||
nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags);
|
nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
|
||||||
|
goto nla_put_failure;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
nla_put_failure:
|
nla_put_failure:
|
||||||
|
|
@ -11118,16 +11119,18 @@ void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
|
||||||
wakeup->pattern_idx))
|
wakeup->pattern_idx))
|
||||||
goto free_msg;
|
goto free_msg;
|
||||||
|
|
||||||
if (wakeup->tcp_match)
|
if (wakeup->tcp_match &&
|
||||||
nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH);
|
nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
|
||||||
|
goto free_msg;
|
||||||
|
|
||||||
if (wakeup->tcp_connlost)
|
if (wakeup->tcp_connlost &&
|
||||||
nla_put_flag(msg,
|
nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
|
||||||
NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST);
|
goto free_msg;
|
||||||
|
|
||||||
if (wakeup->tcp_nomoretokens)
|
if (wakeup->tcp_nomoretokens &&
|
||||||
nla_put_flag(msg,
|
nla_put_flag(msg,
|
||||||
NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS);
|
NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
|
||||||
|
goto free_msg;
|
||||||
|
|
||||||
if (wakeup->packet) {
|
if (wakeup->packet) {
|
||||||
u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
|
u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
|
||||||
|
|
@ -11263,24 +11266,29 @@ void cfg80211_ft_event(struct net_device *netdev,
|
||||||
return;
|
return;
|
||||||
|
|
||||||
hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
|
hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
|
||||||
if (!hdr) {
|
if (!hdr)
|
||||||
nlmsg_free(msg);
|
goto out;
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
|
if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
|
||||||
nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
|
nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
|
||||||
nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap);
|
nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
|
||||||
if (ft_event->ies)
|
goto out;
|
||||||
nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies);
|
|
||||||
if (ft_event->ric_ies)
|
if (ft_event->ies &&
|
||||||
|
nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
|
||||||
|
goto out;
|
||||||
|
if (ft_event->ric_ies &&
|
||||||
nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
|
nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
|
||||||
ft_event->ric_ies);
|
ft_event->ric_ies))
|
||||||
|
goto out;
|
||||||
|
|
||||||
genlmsg_end(msg, hdr);
|
genlmsg_end(msg, hdr);
|
||||||
|
|
||||||
genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
|
genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
|
||||||
NL80211_MCGRP_MLME, GFP_KERNEL);
|
NL80211_MCGRP_MLME, GFP_KERNEL);
|
||||||
|
return;
|
||||||
|
out:
|
||||||
|
nlmsg_free(msg);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(cfg80211_ft_event);
|
EXPORT_SYMBOL(cfg80211_ft_event);
|
||||||
|
|
||||||
|
|
|
||||||
Загрузка…
Ссылка в новой задаче