From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: "Clément Perrochaud" <clement.perrochaud@effinnov.com>,
"Charles Gorand" <charles.gorand@effinnov.com>,
netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
"Sedat Dilek" <sedat.dilek@credativ.de>
Cc: Andrey Konovalov <andreyknvl@google.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Subject: [PATCH v4 01/14] NFC: fix attrs checks in netlink interface
Date: Mon, 29 Jul 2019 16:35:01 +0300 [thread overview]
Message-ID: <20190729133514.13164-2-andriy.shevchenko@linux.intel.com> (raw)
In-Reply-To: <20190729133514.13164-1-andriy.shevchenko@linux.intel.com>
From: Andrey Konovalov <andreyknvl@google.com>
nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX
attribute being present, but doesn't check whether it is actually
provided by the user. Same goes for nfc_genl_fw_download() and
NFC_ATTR_FIRMWARE_NAME.
This patch adds appropriate checks.
Found with syzkaller.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
---
net/nfc/netlink.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 4a30309bb67f..60fd2748d0ea 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -970,7 +970,8 @@ static int nfc_genl_dep_link_down(struct sk_buff *skb, struct genl_info *info)
int rc;
u32 idx;
- if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
+ if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
+ !info->attrs[NFC_ATTR_TARGET_INDEX])
return -EINVAL;
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
@@ -1018,7 +1019,8 @@ static int nfc_genl_llc_get_params(struct sk_buff *skb, struct genl_info *info)
struct sk_buff *msg = NULL;
u32 idx;
- if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
+ if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
+ !info->attrs[NFC_ATTR_FIRMWARE_NAME])
return -EINVAL;
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
--
2.20.1
next prev parent reply other threads:[~2019-07-29 14:52 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-29 13:35 [PATCH v4 00/14] NFC: nxp-nci: clean up and new device support Andy Shevchenko
2019-07-29 13:35 ` Andy Shevchenko [this message]
2019-07-29 13:35 ` [PATCH v4 02/14] NFC: nxp-nci: Add NXP1001 to the ACPI ID table Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 03/14] NFC: nxp-nci: Get rid of platform data Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 04/14] NFC: nxp-nci: Convert to use GPIO descriptor Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 05/14] NFC: nxp-nci: Add GPIO ACPI mapping table Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 06/14] NFC: nxp-nci: Get rid of code duplication in ->probe() Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 07/14] NFC: nxp-nci: Get rid of useless label Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 08/14] NFC: nxp-nci: Constify acpi_device_id Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 09/14] NFC: nxp-nci: Drop of_match_ptr() use Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 10/14] NFC: nxp-nci: Drop comma in terminator lines Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 11/14] NFC: nxp-nci: Remove unused macro pr_fmt() Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 12/14] NFC: nxp-nci: Remove 'default n' for the core Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 13/14] NFC: nxp-nci: Clarify on supported chips Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 14/14] NFC: nxp-nci: Fix recommendation for NFC_NXP_NCI_I2C Kconfig Andy Shevchenko
2019-07-29 15:56 ` [PATCH v4 00/14] NFC: nxp-nci: clean up and new device support David Miller
2019-08-20 21:27 ` Sedat Dilek
2019-08-23 17:20 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190729133514.13164-2-andriy.shevchenko@linux.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=andreyknvl@google.com \
--cc=charles.gorand@effinnov.com \
--cc=clement.perrochaud@effinnov.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=sedat.dilek@credativ.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.