dpll: sanitize possible null pointer dereference in dpll_pin_parent_pin_set()

User may not pass DPLL_A_PIN_STATE attribute in the pin set operation
message. Sanitize that by checking if the attr pointer is not null
and process the passed state attribute value only in that case.

Reported-by: Xingyuan Mo <hdthky0@gmail.com>
Fixes: 9d71b54b65b1 ("dpll: netlink: Add DPLL framework base functions")
Signed-off-by: Jiri Pirko <jiri@nvidia.com>
Acked-by: Vadim Fedorenko <vadim.fedorenko@linux.dev>
Link: https://lore.kernel.org/r/20231211083758.1082853-1-jiri@resnulli.us
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/drivers/dpll/dpll_netlink.c b/drivers/dpll/dpll_netlink.c
index 442a0ebeb953e983d053d4c70d919e3a8aee213e..ce7cf736f0208466a1623520ab80cb5eed62cb8f 100644 (file)
--- a/drivers/dpll/dpll_netlink.c
+++ b/drivers/dpll/dpll_netlink.c
@@ -925,7 +925,6 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
                        struct netlink_ext_ack *extack)
 {
        struct nlattr *tb[DPLL_A_PIN_MAX + 1];
-       enum dpll_pin_state state;
        u32 ppin_idx;
        int ret;
 
@@ -936,10 +935,14 @@ dpll_pin_parent_pin_set(struct dpll_pin *pin, struct nlattr *parent_nest,
                return -EINVAL;
        }
        ppin_idx = nla_get_u32(tb[DPLL_A_PIN_PARENT_ID]);
-       state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
-       ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
-       if (ret)
-               return ret;
+
+       if (tb[DPLL_A_PIN_STATE]) {
+               enum dpll_pin_state state = nla_get_u32(tb[DPLL_A_PIN_STATE]);
+
+               ret = dpll_pin_on_pin_state_set(pin, ppin_idx, state, extack);
+               if (ret)
+                       return ret;
+       }
 
        return 0;
 }