From patchwork Wed Jun 6 21:02:55 2012 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sasha Levin X-Patchwork-Id: 163426 X-Patchwork-Delegate: davem@davemloft.net
From: Sasha Levin To: lauro.venancio@openbossa.org, aloisio.almeida@openbossa.org, sameo@linux.intel.com, davem@davemloft.net, linville@tuxdriver.com Cc: linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Sasha Levin Subject: [PATCH] NFC: Fix possible NULL ptr deref when getting the name of a socket Date: Wed, 6 Jun 2012 23:02:55 +0200 Message-Id: <1339016575-18268-1-git-send-email-levinsasha928@gmail.com> X-Mailer: git-send-email 1.7.8.6 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org llcp_sock_getname() might get called before the LLCP socket was created. This condition isn't checked, and llcp_sock_getname will simply deref a NULL ptr in that case. This exists starting with d646960 ("NFC: Initial LLCP support"). Signed-off-by: Sasha Levin --- net/nfc/llcp/sock.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 3f339b1..17a707d 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c @@ -292,6 +292,9 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr, pr_debug("%p\n", sk); + if (llcp_sock == NULL) + return -EBADFD; + addr->sa_family = AF_NFC; *len = sizeof(struct sockaddr_nfc_llcp);
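
Review bot: the new `if (llcp_sock == NULL)` test in llcp_sock_getname() covers only the socket pointer itself, and the commit message does not say which call sequence reaches this function "before the LLCP socket was created". Please name the path in the changelog (and include the oops if there is one) so the fix can be checked against the actual failing state. The hunk also does not show what the function reads after `*len = sizeof(struct sockaddr_nfc_llcp);`; if it goes on to read through pointer members of llcp_sock, those can be unset in the same early state and belong in the same test. Placing the check before `addr->sa_family = AF_NFC;` is right, since it keeps the error path from touching the caller's buffer or `*len`. Also confirm that -EBADFD is the errno you want userspace to see here, and consider citing d646960 with a longer abbreviated hash so the reference stays unambiguous.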