From patchwork Thu Apr 12 16:56:56 2018
X-Patchwork-Submitter: Andrey Konovalov
X-Patchwork-Id: 10339089
X-Patchwork-Delegate: sameo@linux.intel.com
From: Andrey Konovalov To: Samuel Ortiz , "David S . Miller" , linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Dmitry Vyukov , Kostya Serebryany , Andrey Konovalov Subject: [PATCH] NFC: fix attrs checks in netlink interface Date: Thu, 12 Apr 2018 18:56:56 +0200 Message-Id: <75ce3040b4086ffa2d2e088ad7f24f5e4a87be56.1523552145.git.andreyknvl@google.com> X-Mailer: git-send-email 2.17.0.484.g0c8726318c-goog Sender: linux-wireless-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-wireless@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX attribute being present, but doesn't check whether it is actually provided by the user. Same goes for nfc_genl_fw_download() and NFC_ATTR_FIRMWARE_NAME. This patch adds appropriate checks. Found with syzkaller. Signed-off-by: Andrey Konovalov --- net/nfc/netlink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index f018eafc2a0d..58adfb0c90f6 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -936,7 +936,8 @@ static int nfc_genl_deactivate_target(struct sk_buff *skb, u32 device_idx, target_idx; int rc; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_TARGET_INDEX]) return -EINVAL; device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); @@ -1245,7 +1246,8 @@ static int nfc_genl_fw_download(struct sk_buff *skb, struct genl_info *info) u32 idx; char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_FIRMWARE_NAME]) return -EINVAL; idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
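Review bot: In nfc_genl_deactivate_target(), the added !info->attrs[NFC_ATTR_TARGET_INDEX] test only establishes that the attribute is present. The read that fills target_idx lies outside the visible context, so please confirm it goes through nla_get_u32() the same way device_idx does and that the netlink policy types NFC_ATTR_TARGET_INDEX as a u32, since a presence check alone says nothing about payload length. The commit message would also benefit from stating what the missing attribute led to in the syzkaller run, and from a Fixes: tag so the change can be matched to the kernels that need it.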
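Review bot: In nfc_genl_fw_download(), the new !info->attrs[NFC_ATTR_FIRMWARE_NAME] test guards against an absent attribute but not against an oversized or unterminated one, and the destination is the fixed-size stack buffer char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]. The copy itself is not in the visible context; please confirm it is bounded by sizeof(firmware_name) and always NUL-terminates (nla_strlcpy() does both), or that the policy caps the attribute length at NFC_FIRMWARE_NAME_MAXSIZE.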