NFC: Fix possible NULL ptr deref when getting the name of a socket

Message ID
State Not Applicable, archived
Delegated to: David Miller
Headers show

Commit Message

Sasha Levin June 6, 2012, 9:02 p.m.
llcp_sock_getname() might get called before the LLCP socket was created.
This condition isn't checked, and llcp_sock_getname will simply deref a
NULL ptr in that case.

This exists starting with d646960 ("NFC: Initial LLCP support").

Signed-off-by: Sasha Levin <>
 net/nfc/llcp/sock.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)


diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 3f339b1..17a707d 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -292,6 +292,9 @@  static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
 	pr_debug("%p\n", sk);
+	if (llcp_sock == NULL)
+		return -EBADFD;
 	addr->sa_family = AF_NFC;
 	*len = sizeof(struct sockaddr_nfc_llcp);