Patchwork NFC: Fix possible NULL ptr deref when getting the name of a socket

login
register
mail settings
Submitter Sasha Levin
Date June 6, 2012, 9:02 p.m.
Message ID <1339016575-18268-1-git-send-email-levinsasha928@gmail.com>
Download mbox | patch
Permalink /patch/163426/
State Not Applicable
Delegated to: David Miller
Headers show

Comments

Sasha Levin - June 6, 2012, 9:02 p.m.
llcp_sock_getname() might get called before the LLCP socket was created.
This condition isn't checked, and llcp_sock_getname will simply deref a
NULL ptr in that case.

This exists starting with d646960 ("NFC: Initial LLCP support").

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
---
 net/nfc/llcp/sock.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

Patch

diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 3f339b1..17a707d 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -292,6 +292,9 @@  static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
 
 	pr_debug("%p\n", sk);
 
+	if (llcp_sock == NULL)
+		return -EBADFD;
+
 	addr->sa_family = AF_NFC;
 	*len = sizeof(struct sockaddr_nfc_llcp);