* [PATCH 0/2] net: ieee802154: fix logic errors
@ 2021-04-23 4:02 Dan Robertson
2021-04-23 4:02 ` [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr Dan Robertson
2021-04-23 4:02 ` [PATCH 2/2] net: ieee802154: fix null deref in parse key id Dan Robertson
0 siblings, 2 replies; 8+ messages in thread
From: Dan Robertson @ 2021-04-23 4:02 UTC (permalink / raw)
To: Alexander Aring, Stefan Schmidt, David S . Miller, linux-wpan, netdev
Cc: Dan Robertson
I hit two null derefs due to logic errors.
- ieee802154_llsec_parse_key_id null deref if PAN ID is null.
- ieee802154_llsec_parse_dev_addr null deref if the given mode
does not match the given address.
New to ieee802154, so feedback would definitely be appreciated.
Dan Robertson (2):
net: ieee802154: fix null deref in parse dev addr
net: ieee802154: fix null deref in parse key id
net/ieee802154/nl-mac.c | 2 +-
net/ieee802154/nl802154.c | 9 +++++----
2 files changed, 6 insertions(+), 5 deletions(-)
--
2.31.1
^ permalink raw reply [flat|nested] 8+ messages in thread
* [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr
2021-04-23 4:02 [PATCH 0/2] net: ieee802154: fix logic errors Dan Robertson
@ 2021-04-23 4:02 ` Dan Robertson
2021-04-23 13:25 ` Alexander Aring
2021-04-23 4:02 ` [PATCH 2/2] net: ieee802154: fix null deref in parse key id Dan Robertson
1 sibling, 1 reply; 8+ messages in thread
From: Dan Robertson @ 2021-04-23 4:02 UTC (permalink / raw)
To: Alexander Aring, Stefan Schmidt, David S . Miller, linux-wpan, netdev
Cc: Dan Robertson
Fix a logic error that could result in a null deref if the user sets
the mode incorrectly for the given addr type.
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
---
net/ieee802154/nl802154.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 7c5a1aa5adb4..59639afb4600 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1293,19 +1293,20 @@ ieee802154_llsec_parse_dev_addr(struct nlattr *nla,
if (!nla || nla_parse_nested_deprecated(attrs, NL802154_DEV_ADDR_ATTR_MAX, nla, nl802154_dev_addr_policy, NULL))
return -EINVAL;
- if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] ||
- !attrs[NL802154_DEV_ADDR_ATTR_MODE] ||
- !(attrs[NL802154_DEV_ADDR_ATTR_SHORT] ||
- attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]))
+ if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] || !attrs[NL802154_DEV_ADDR_ATTR_MODE])
return -EINVAL;
addr->pan_id = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_PAN_ID]);
addr->mode = nla_get_u32(attrs[NL802154_DEV_ADDR_ATTR_MODE]);
switch (addr->mode) {
case NL802154_DEV_ADDR_SHORT:
+ if (!attrs[NL802154_DEV_ADDR_ATTR_SHORT])
+ return -EINVAL;
addr->short_addr = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_SHORT]);
break;
case NL802154_DEV_ADDR_EXTENDED:
+ if (!attrs[NL802154_DEV_ADDR_ATTR_EXTENDED])
+ return -EINVAL;
addr->extended_addr = nla_get_le64(attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]);
break;
default:
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* [PATCH 2/2] net: ieee802154: fix null deref in parse key id
2021-04-23 4:02 [PATCH 0/2] net: ieee802154: fix logic errors Dan Robertson
2021-04-23 4:02 ` [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr Dan Robertson
@ 2021-04-23 4:02 ` Dan Robertson
2021-04-23 13:28 ` Alexander Aring
1 sibling, 1 reply; 8+ messages in thread
From: Dan Robertson @ 2021-04-23 4:02 UTC (permalink / raw)
To: Alexander Aring, Stefan Schmidt, David S . Miller, linux-wpan, netdev
Cc: Dan Robertson
Fix a logic error that could result in a null deref if the user does not
set the PAN ID but does set the address.
Signed-off-by: Dan Robertson <dan@dlrobertson.com>
---
net/ieee802154/nl-mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
index 9c640d670ffe..66983c5d4d85 100644
--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -551,7 +551,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]);
if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) {
- if (!info->attrs[IEEE802154_ATTR_PAN_ID] &&
+ if (!info->attrs[IEEE802154_ATTR_PAN_ID] ||
!(info->attrs[IEEE802154_ATTR_SHORT_ADDR] ||
info->attrs[IEEE802154_ATTR_HW_ADDR]))
return -EINVAL;
--
2.31.1
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr
2021-04-23 4:02 ` [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr Dan Robertson
@ 2021-04-23 13:25 ` Alexander Aring
2021-04-23 15:10 ` Stefan Schmidt
0 siblings, 1 reply; 8+ messages in thread
From: Alexander Aring @ 2021-04-23 13:25 UTC (permalink / raw)
To: Dan Robertson
Cc: Stefan Schmidt, David S . Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL]
Hi,
On Fri, 23 Apr 2021 at 00:02, Dan Robertson <dan@dlrobertson.com> wrote:
>
> Fix a logic error that could result in a null deref if the user sets
> the mode incorrectly for the given addr type.
>
> Signed-off-by: Dan Robertson <dan@dlrobertson.com>
Acked-by: Alexander Aring <aahringo@redhat.com>
Thanks.
- Alex
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] net: ieee802154: fix null deref in parse key id
2021-04-23 4:02 ` [PATCH 2/2] net: ieee802154: fix null deref in parse key id Dan Robertson
@ 2021-04-23 13:28 ` Alexander Aring
2021-04-23 14:35 ` Dan Robertson
0 siblings, 1 reply; 8+ messages in thread
From: Alexander Aring @ 2021-04-23 13:28 UTC (permalink / raw)
To: Dan Robertson
Cc: Stefan Schmidt, David S . Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL]
Hi,
On Fri, 23 Apr 2021 at 00:03, Dan Robertson <dan@dlrobertson.com> wrote:
>
> Fix a logic error that could result in a null deref if the user does not
> set the PAN ID but does set the address.
That should already be fixed by commit 6f7f657f2440 ("net: ieee802154:
nl-mac: fix check on panid").
Thanks.
- Alex
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] net: ieee802154: fix null deref in parse key id
2021-04-23 13:28 ` Alexander Aring
@ 2021-04-23 14:35 ` Dan Robertson
2021-04-23 14:59 ` Stefan Schmidt
0 siblings, 1 reply; 8+ messages in thread
From: Dan Robertson @ 2021-04-23 14:35 UTC (permalink / raw)
To: Alexander Aring
Cc: Stefan Schmidt, David S . Miller, linux-wpan - ML,
open list:NETWORKING [GENERAL]
[-- Attachment #1: Type: text/plain, Size: 475 bytes --]
On Fri, Apr 23, 2021 at 09:28:48AM -0400, Alexander Aring wrote:
> Hi,
>
> On Fri, 23 Apr 2021 at 00:03, Dan Robertson <dan@dlrobertson.com> wrote:
> >
> > Fix a logic error that could result in a null deref if the user does not
> > set the PAN ID but does set the address.
>
> That should already be fixed by commit 6f7f657f2440 ("net: ieee802154:
> nl-mac: fix check on panid").
Ah right. I didn't look hard enough for an existing patch :) Thanks!
- Dan
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 2/2] net: ieee802154: fix null deref in parse key id
2021-04-23 14:35 ` Dan Robertson
@ 2021-04-23 14:59 ` Stefan Schmidt
0 siblings, 0 replies; 8+ messages in thread
From: Stefan Schmidt @ 2021-04-23 14:59 UTC (permalink / raw)
To: Dan Robertson, Alexander Aring
Cc: David S . Miller, linux-wpan - ML, open list:NETWORKING [GENERAL]
Hello.
On 23.04.21 16:35, Dan Robertson wrote:
> On Fri, Apr 23, 2021 at 09:28:48AM -0400, Alexander Aring wrote:
>> Hi,
>>
>> On Fri, 23 Apr 2021 at 00:03, Dan Robertson <dan@dlrobertson.com> wrote:
>>>
>>> Fix a logic error that could result in a null deref if the user does not
>>> set the PAN ID but does set the address.
>>
>> That should already be fixed by commit 6f7f657f2440 ("net: ieee802154:
>> nl-mac: fix check on panid").
>
> Ah right. I didn't look hard enough for an existing patch :) Thanks!
>
> - Dan
>
Dropped from my patchwork queue.
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr
2021-04-23 13:25 ` Alexander Aring
@ 2021-04-23 15:10 ` Stefan Schmidt
0 siblings, 0 replies; 8+ messages in thread
From: Stefan Schmidt @ 2021-04-23 15:10 UTC (permalink / raw)
To: Alexander Aring, Dan Robertson
Cc: David S . Miller, linux-wpan - ML, open list:NETWORKING [GENERAL]
Hello.
On 23.04.21 15:25, Alexander Aring wrote:
> Hi,
>
> On Fri, 23 Apr 2021 at 00:02, Dan Robertson <dan@dlrobertson.com> wrote:
>>
>> Fix a logic error that could result in a null deref if the user sets
>> the mode incorrectly for the given addr type.
>>
>> Signed-off-by: Dan Robertson <dan@dlrobertson.com>
>
> Acked-by: Alexander Aring <aahringo@redhat.com>
>
> Thanks.
>
> - Alex
>
This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2021-04-23 15:11 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-04-23 4:02 [PATCH 0/2] net: ieee802154: fix logic errors Dan Robertson
2021-04-23 4:02 ` [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr Dan Robertson
2021-04-23 13:25 ` Alexander Aring
2021-04-23 15:10 ` Stefan Schmidt
2021-04-23 4:02 ` [PATCH 2/2] net: ieee802154: fix null deref in parse key id Dan Robertson
2021-04-23 13:28 ` Alexander Aring
2021-04-23 14:35 ` Dan Robertson
2021-04-23 14:59 ` Stefan Schmidt
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).