From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Duoming Zhou , Arend van Spriel , Kees Cook , Kalle Valo , Sasha Levin Subject: [PATCH 6.8 290/715] wifi: brcm80211: handle pmk_op allocation failure Date: Sun, 24 Mar 2024 18:27:49 -0400 Message-ID: <20240324223455.1342824-291-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org> References: <20240324223455.1342824-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Duoming Zhou [ Upstream commit b4152222e04cb8afeeca239c90e3fcaf4c553b42 ] The kzalloc() in brcmf_pmksa_v3_op() will return null if the physical memory has run out. As a result, if we dereference the null value, the null pointer dereference bug will happen. Return -ENOMEM from brcmf_pmksa_v3_op() if kzalloc() fails for pmk_op. Fixes: a96202acaea4 ("wifi: brcmfmac: cfg80211: Add support for PMKID_V3 operations") Acked-by: Arend van Spriel Signed-off-by: Duoming Zhou Reviewed-by: Kees Cook Signed-off-by: Kalle Valo Link: https://msgid.link/20240229103153.18533-1-duoming@zju.edu.cn Signed-off-by: Sasha Levin --- drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c index 28d6a30cc0106..1a5d7494f5e80 100644 --- a/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c +++ b/drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c @@ -4322,6 +4322,9 @@ brcmf_pmksa_v3_op(struct brcmf_if *ifp, struct cfg80211_pmksa *pmksa, int ret; pmk_op = kzalloc(sizeof(*pmk_op), GFP_KERNEL); + if (!pmk_op) + return -ENOMEM; + pmk_op->version = cpu_to_le16(BRCMF_PMKSA_VER_3); if (!pmksa) { -- 2.43.0
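Review bot: In the cfg80211.c hunk at @@ -4322, the new `if (!pmk_op) return -ENOMEM;` returns directly rather than through a cleanup label. That is fine for the lines shown, since the only thing before the kzalloc() is the `int ret;` declaration and nothing has been acquired yet. The hunk does not show the rest of brcmf_pmksa_v3_op(), so it is worth confirming before applying that every later exit still frees pmk_op and that callers pass the negative return up instead of treating it as success. A smaller style point: the subject uses the prefix "wifi: brcm80211:", while the commit named in the Fixes: tag uses "wifi: brcmfmac: cfg80211:" and the touched file lives under brcmfmac/, so the prefix is less specific than the one the fixed commit used, which makes the change harder to find when searching the log by driver.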