net: ieee802154: fix null deref in parse dev addr

jira LE-1907
cve CVE-2021-47257
Rebuild_History Non-Buildable kernel-4.18.0-553.16.1.el8_10
commit-author Dan Robertson <[email protected]>
commit 9fdd049

Fix a logic error that could result in a null deref if the user sets
the mode incorrectly for the given addr type.

	Signed-off-by: Dan Robertson <[email protected]>
	Acked-by: Alexander Aring <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
	Signed-off-by: Stefan Schmidt <[email protected]>
(cherry picked from commit 9fdd049)
	Signed-off-by: Jonathan Maple <[email protected]>

Author: PlaidCat

net/ieee802154/nl802154.c

@@ -1299,19 +1299,20 @@ ieee802154_llsec_parse_dev_addr(struct nlattr *nla,
 	if (!nla || nla_parse_nested_deprecated(attrs, NL802154_DEV_ADDR_ATTR_MAX, nla, nl802154_dev_addr_policy, NULL))
 		return -EINVAL;
 
-	if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] ||
-	    !attrs[NL802154_DEV_ADDR_ATTR_MODE] ||
-	    !(attrs[NL802154_DEV_ADDR_ATTR_SHORT] ||
-	      attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]))
+	if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] || !attrs[NL802154_DEV_ADDR_ATTR_MODE])
 		return -EINVAL;
 
 	addr->pan_id = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_PAN_ID]);
 	addr->mode = nla_get_u32(attrs[NL802154_DEV_ADDR_ATTR_MODE]);
 	switch (addr->mode) {
 	case NL802154_DEV_ADDR_SHORT:
+		if (!attrs[NL802154_DEV_ADDR_ATTR_SHORT])
+			return -EINVAL;
 		addr->short_addr = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_SHORT]);
 		break;
 	case NL802154_DEV_ADDR_EXTENDED:
+		if (!attrs[NL802154_DEV_ADDR_ATTR_EXTENDED])
+			return -EINVAL;
 		addr->extended_addr = nla_get_le64(attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]);
 		break;
 	default: