rfkill: Fix incorrect check to avoid NULL pointer dereference

In rfkill_register, the struct rfkill pointer is first derefernced
and then checked for NULL. This patch removes the BUG_ON and returns
an error to the caller in case rfkill is NULL.

Signed-off-by: Aditya Pakki <pakki001@umn.edu>
Link: https://lore.kernel.org/r/20191215153409.21696-1-pakki001@umn.edu
Signed-off-by: Johannes Berg <johannes.berg@intel.com>

diff --git a/net/rfkill/core.c b/net/rfkill/core.c
index 461d752..971c73c 100644 (file)
--- a/net/rfkill/core.c
+++ b/net/rfkill/core.c
@@ -1002,10 +1002,13 @@ static void rfkill_sync_work(struct work_struct *work)
 int __must_check rfkill_register(struct rfkill *rfkill)
 {
        static unsigned long rfkill_no;
-       struct device *dev = &rfkill->dev;
+       struct device *dev;
        int error;
 
-       BUG_ON(!rfkill);
+       if (!rfkill)
+               return -EINVAL;
+
+       dev = &rfkill->dev;
 
        mutex_lock(&rfkill_global_mutex);