nl80211: Handle nla_memdup failures in handle_nan_filter

As there's potential for failure of the nla_memdup(),
check the return value.

Fixes: a442b761b24b ("cfg80211: add add_nan_func / del_nan_func")
Signed-off-by: Jiasheng Jiang <jiasheng@iscas.ac.cn>
Link: https://lore.kernel.org/r/20220301100020.3801187-1-jiasheng@iscas.ac.cn
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index 578bff9..b1909ce 100644 (file)
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -13411,6 +13411,9 @@ static int handle_nan_filter(struct nlattr *attr_filter,
        i = 0;
        nla_for_each_nested(attr, attr_filter, rem) {
                filter[i].filter = nla_memdup(attr, GFP_KERNEL);
+               if (!filter[i].filter)
+                       goto err;
+
                filter[i].len = nla_len(attr);
                i++;
        }
@@ -13423,6 +13426,15 @@ static int handle_nan_filter(struct nlattr *attr_filter,
        }
 
        return 0;
+
+err:
+       i = 0;
+       nla_for_each_nested(attr, attr_filter, rem) {
+               kfree(filter[i].filter);
+               i++;
+       }
+       kfree(filter);
+       return -ENOMEM;
 }
 
 static int nl80211_nan_add_func(struct sk_buff *skb,