From: Lorenzo Bianconi <lorenzo@kernel.org>
Date: Fri, 21 Aug 2020 10:52:15 +0000 (+0200)
Subject: mt76: fix a possible NULL pointer dereference in mt76_testmode_dump
X-Git-Tag: v5.10.7~1401^2~150^2~2^2~50
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=ce8463a726a5669b200a1c2c17f95bc1394cc6bf;p=platform%2Fkernel%2Flinux-rpi.git

mt76: fix a possible NULL pointer dereference in mt76_testmode_dump

Fix a possible NULL pointer dereference in mt76_testmode_dump() since
nla_nest_start returns NULL in case of error

Fixes: f0efa8621550e ("mt76: add API for testmode support")
Signed-off-by: Lorenzo Bianconi <lorenzo@kernel.org>
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---

diff --git a/drivers/net/wireless/mediatek/mt76/testmode.c b/drivers/net/wireless/mediatek/mt76/testmode.c
index 75bb02c..5bd6ac1 100644
--- a/drivers/net/wireless/mediatek/mt76/testmode.c
+++ b/drivers/net/wireless/mediatek/mt76/testmode.c
@@ -442,9 +442,13 @@ int mt76_testmode_dump(struct ieee80211_hw *hw, struct sk_buff *msg,
 	mutex_lock(&dev->mutex);
 
 	if (tb[MT76_TM_ATTR_STATS]) {
+		err = -EINVAL;
+
 		a = nla_nest_start(msg, MT76_TM_ATTR_STATS);
-		err = mt76_testmode_dump_stats(dev, msg);
-		nla_nest_end(msg, a);
+		if (a) {
+			err = mt76_testmode_dump_stats(dev, msg);
+			nla_nest_end(msg, a);
+		}
 
 		goto out;
 	}