From 2adcb3b0be6d834e8954e24d4005379c5fbb0635 Mon Sep 17 00:00:00 2001
From: renxiaohui <ren.xiaohui@zte.com.cn>
Date: Tue, 1 Jul 2025 17:10:57 +0800
Subject: [PATCH] wifi: nl80211: don't free NULL coalescing rule

commit 801ea33ae82d6a9d954074fbcf8ea9d18f1543a7 upstream

If the parsing fails, we can dereference a NULL pointer here.

Cc: stable@vger.kernel.org
Fixes: be29b99a9b51 ("cfg80211/nl80211: Add packet coalesce support")
Reviewed-by: Miriam Rachel Korenblit <miriam.rachel.korenblit@intel.com>
Link: https://msgid.link/20240418105220.b328f80406e7.Id75d961050deb05b3e4e354e024866f350c68103@changeid
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Xiaohui Ren <ren.xiaohui@zte.com.cn>
Signed-off-by: Wenya Zhang <zhang.wenya1@zte.com.cn>
Reviewed-by: Zhang Run<zhang.run@zte.com.cn>
---
 net/wireless/nl80211.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/wireless/nl80211.c b/net/wireless/nl80211.c
index e71b43aa1af7..70f35b683eef 100644
--- a/net/wireless/nl80211.c
+++ b/net/wireless/nl80211.c
@@ -14056,6 +14056,8 @@ static int nl80211_set_coalesce(struct sk_buff *skb, struct genl_info *info)
 error:
 	for (i = 0; i < new_coalesce.n_rules; i++) {
 		tmp_rule = &new_coalesce.rules[i];
+		if (!tmp_rule)
+			continue;
 		for (j = 0; j < tmp_rule->n_patterns; j++)
 			kfree(tmp_rule->patterns[j].mask);
 		kfree(tmp_rule->patterns);
-- 
Gitee