nl80211: check nla_put_* return values

Coverity pointed out that in a few functions we don't check the return value of the nla_put_*() calls. Most of these are fairly harmless because the input isn't very dynamic and controlled by the kernel, but the pattern is simply wrong, so fix this. Signed-off-by: Johannes Berg <johannes.berg@intel.com>
author: Johannes Berg <johannes.berg@intel.com> 2013-10-25 05:05:22 -0400
committer: Johannes Berg <johannes.berg@intel.com> 2013-11-25 10:50:05 -0500
commit: ae917c9f55862691e31b84de7ec29bedcb83971c (patch)
tree: 2e2b0e26b4e43d7520b9a4bfdc984af0e037456e /net/wireless/nl80211.c
parent: 18db594a1005d908d995a2fc8f5a7bf4286fdca0 (diff)
1 files changed, 30 insertions, 22 deletions
diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index a1eb21073176..0ffb18371376 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -9633,8 +9633,9 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
            nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
                goto nla_put_failure;
-        if (req->flags)
+        if (req->flags &&
-                nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags);
+            nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
+                goto nla_put_failure;
        return 0;
 nla_put_failure:
@@ -11118,16 +11119,18 @@ void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
                                wakeup->pattern_idx))
                        goto free_msg;
-                if (wakeup->tcp_match)
+                if (wakeup->tcp_match &&
-                        nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH);
+                    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
+                        goto free_msg;
-                if (wakeup->tcp_connlost)
+                if (wakeup->tcp_connlost &&
-                        nla_put_flag(msg,
+                    nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
-                                     NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST);
+                        goto free_msg;
-                if (wakeup->tcp_nomoretokens)
+                if (wakeup->tcp_nomoretokens &&
-                        nla_put_flag(msg,
+                    nla_put_flag(msg,
-                                NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS);
+                                 NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
+                        goto free_msg;
                if (wakeup->packet) {
                        u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
@@ -11263,24 +11266,29 @@ void cfg80211_ft_event(struct net_device *netdev,
                return;
        hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
-        if (!hdr) {
+        if (!hdr)
-                nlmsg_free(msg);
+                goto out;
-                return;
-        }
+        if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) ||
+            nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) ||
+            nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
+                goto out;
-        nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);
+        if (ft_event->ies &&
-        nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);
+            nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
-        nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap);
+                goto out;
-        if (ft_event->ies)
+        if (ft_event->ric_ies &&
-                nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies);
+            nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
-        if (ft_event->ric_ies)
+                    ft_event->ric_ies))
-                nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
+                goto out;
-                        ft_event->ric_ies);
        genlmsg_end(msg, hdr);
        genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
                                NL80211_MCGRP_MLME, GFP_KERNEL);
+        return;
+ out:
+        nlmsg_free(msg);
 }
 EXPORT_SYMBOL(cfg80211_ft_event);
author	Johannes Berg <johannes.berg@intel.com>	2013-10-25 05:05:22 -0400
committer	Johannes Berg <johannes.berg@intel.com>	2013-11-25 10:50:05 -0500
commit	ae917c9f55862691e31b84de7ec29bedcb83971c (patch)
tree	2e2b0e26b4e43d7520b9a4bfdc984af0e037456e /net/wireless/nl80211.c
parent	18db594a1005d908d995a2fc8f5a7bf4286fdca0 (diff)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c index a1eb21073176..0ffb18371376 100644 --- a/net/wireless/nl80211.c +++ b/net/wireless/nl80211.c
@@ -9633,8 +9633,9 @@ static int nl80211_add_scan_req(struct sk_buff *msg,
9633	nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))	9633	nla_put(msg, NL80211_ATTR_IE, req->ie_len, req->ie))
9634	goto nla_put_failure;	9634	goto nla_put_failure;
9635		9635
9636	if (req->flags)	9636	if (req->flags &&
9637	nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags);	9637	nla_put_u32(msg, NL80211_ATTR_SCAN_FLAGS, req->flags))
		9638	goto nla_put_failure;
9638		9639
9639	return 0;	9640	return 0;
9640	nla_put_failure:	9641	nla_put_failure:
@@ -11118,16 +11119,18 @@ void cfg80211_report_wowlan_wakeup(struct wireless_dev *wdev,
11118	wakeup->pattern_idx))	11119	wakeup->pattern_idx))
11119	goto free_msg;	11120	goto free_msg;
11120		11121
11121	if (wakeup->tcp_match)	11122	if (wakeup->tcp_match &&
11122	nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH);	11123	nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_MATCH))
		11124	goto free_msg;
11123		11125
11124	if (wakeup->tcp_connlost)	11126	if (wakeup->tcp_connlost &&
11125	nla_put_flag(msg,	11127	nla_put_flag(msg, NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST))
11126	NL80211_WOWLAN_TRIG_WAKEUP_TCP_CONNLOST);	11128	goto free_msg;
11127		11129
11128	if (wakeup->tcp_nomoretokens)	11130	if (wakeup->tcp_nomoretokens &&
11129	nla_put_flag(msg,	11131	nla_put_flag(msg,
11130	NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS);	11132	NL80211_WOWLAN_TRIG_WAKEUP_TCP_NOMORETOKENS))
		11133	goto free_msg;
11131		11134
11132	if (wakeup->packet) {	11135	if (wakeup->packet) {
11133	u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;	11136	u32 pkt_attr = NL80211_WOWLAN_TRIG_WAKEUP_PKT_80211;
@@ -11263,24 +11266,29 @@ void cfg80211_ft_event(struct net_device *netdev,
11263	return;	11266	return;
11264		11267
11265	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);	11268	hdr = nl80211hdr_put(msg, 0, 0, 0, NL80211_CMD_FT_EVENT);
11266	if (!hdr) {	11269	if (!hdr)
11267	nlmsg_free(msg);	11270	goto out;
11268	return;	11271
11269	}	11272	if (nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx) \|\|
		11273	nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex) \|\|
		11274	nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap))
		11275	goto out;
11270		11276
11271	nla_put_u32(msg, NL80211_ATTR_WIPHY, rdev->wiphy_idx);	11277	if (ft_event->ies &&
11272	nla_put_u32(msg, NL80211_ATTR_IFINDEX, netdev->ifindex);	11278	nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies))
11273	nla_put(msg, NL80211_ATTR_MAC, ETH_ALEN, ft_event->target_ap);	11279	goto out;
11274	if (ft_event->ies)	11280	if (ft_event->ric_ies &&
11275	nla_put(msg, NL80211_ATTR_IE, ft_event->ies_len, ft_event->ies);	11281	nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,
11276	if (ft_event->ric_ies)	11282	ft_event->ric_ies))
11277	nla_put(msg, NL80211_ATTR_IE_RIC, ft_event->ric_ies_len,	11283	goto out;
11278	ft_event->ric_ies);
11279		11284
11280	genlmsg_end(msg, hdr);	11285	genlmsg_end(msg, hdr);
11281		11286
11282	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,	11287	genlmsg_multicast_netns(&nl80211_fam, wiphy_net(&rdev->wiphy), msg, 0,
11283	NL80211_MCGRP_MLME, GFP_KERNEL);	11288	NL80211_MCGRP_MLME, GFP_KERNEL);
		11289	return;
		11290	out:
		11291	nlmsg_free(msg);
11284	}	11292	}
11285	EXPORT_SYMBOL(cfg80211_ft_event);	11293	EXPORT_SYMBOL(cfg80211_ft_event);
11286		11294