Linux-WPAN Archive on lore.kernel.org
* [PATCH 0/2] net: ieee802154: fix logic errors
From: Dan Robertson @ 2021-04-23  4:02 UTC (permalink / raw)
  To: Alexander Aring, Stefan Schmidt, David S . Miller, linux-wpan, netdev
  Cc: Dan Robertson

I hit two null derefs due to logic errors.

 - ieee802154_llsec_parse_key_id null deref if PAN ID is null.
 - ieee802154_llsec_parse_dev_addr null deref if the given mode
   does not match the given address.

New to ieee802154, so feedback would definitely be appreciated.

Dan Robertson (2):
  net: ieee802154: fix null deref in parse dev addr
  net: ieee802154: fix null deref in parse key id

 net/ieee802154/nl-mac.c   | 2 +-
 net/ieee802154/nl802154.c | 9 +++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

-- 
2.31.1



* [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr
From: Dan Robertson @ 2021-04-23  4:02 UTC (permalink / raw)
  To: Alexander Aring, Stefan Schmidt, David S . Miller, linux-wpan, netdev
  Cc: Dan Robertson

Fix a logic error that could result in a null deref if the user sets
the mode incorrectly for the given addr type.

Signed-off-by: Dan Robertson <dan@dlrobertson.com>
---
 net/ieee802154/nl802154.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 7c5a1aa5adb4..59639afb4600 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1293,19 +1293,20 @@ ieee802154_llsec_parse_dev_addr(struct nlattr *nla,
 	if (!nla || nla_parse_nested_deprecated(attrs, NL802154_DEV_ADDR_ATTR_MAX, nla, nl802154_dev_addr_policy, NULL))
 		return -EINVAL;
 
-	if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] ||
-	    !attrs[NL802154_DEV_ADDR_ATTR_MODE] ||
-	    !(attrs[NL802154_DEV_ADDR_ATTR_SHORT] ||
-	      attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]))
+	if (!attrs[NL802154_DEV_ADDR_ATTR_PAN_ID] || !attrs[NL802154_DEV_ADDR_ATTR_MODE])
 		return -EINVAL;
 
 	addr->pan_id = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_PAN_ID]);
 	addr->mode = nla_get_u32(attrs[NL802154_DEV_ADDR_ATTR_MODE]);
 	switch (addr->mode) {
 	case NL802154_DEV_ADDR_SHORT:
+		if (!attrs[NL802154_DEV_ADDR_ATTR_SHORT])
+			return -EINVAL;
 		addr->short_addr = nla_get_le16(attrs[NL802154_DEV_ADDR_ATTR_SHORT]);
 		break;
 	case NL802154_DEV_ADDR_EXTENDED:
+		if (!attrs[NL802154_DEV_ADDR_ATTR_EXTENDED])
+			return -EINVAL;
 		addr->extended_addr = nla_get_le64(attrs[NL802154_DEV_ADDR_ATTR_EXTENDED]);
 		break;
 	default:
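Review bot: in the NL802154_DEV_ADDR_SHORT and NL802154_DEV_ADDR_EXTENDED cases the new checks require only the attribute that matches the mode, so a request that also carries the other address attribute is still accepted and that attribute is silently ignored. If that is intended, say so in the commit message; if not, return -EINVAL when the non-matching attribute is present. Since the commit message describes a null deref triggered by what the user sets, a Fixes: tag naming the commit that introduced the old combined check would help stable backports; none appears above the diff.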
-- 
2.31.1



* [PATCH 2/2] net: ieee802154: fix null deref in parse key id
From: Dan Robertson @ 2021-04-23  4:02 UTC (permalink / raw)
  To: Alexander Aring, Stefan Schmidt, David S . Miller, linux-wpan, netdev
  Cc: Dan Robertson

Fix a logic error that could result in a null deref if the user does not
set the PAN ID but does set the address.

Signed-off-by: Dan Robertson <dan@dlrobertson.com>
---
 net/ieee802154/nl-mac.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
index 9c640d670ffe..66983c5d4d85 100644
--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -551,7 +551,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
 	desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]);
 
 	if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) {
-		if (!info->attrs[IEEE802154_ATTR_PAN_ID] &&
+		if (!info->attrs[IEEE802154_ATTR_PAN_ID] ||
 		    !(info->attrs[IEEE802154_ATTR_SHORT_ADDR] ||
 		      info->attrs[IEEE802154_ATTR_HW_ADDR]))
 			return -EINVAL;
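Review bot: the `||` on the IEEE802154_ATTR_PAN_ID test should be checked against the current tree before this is applied, since the reply in this thread names commit 6f7f657f2440 ("net: ieee802154: nl-mac: fix check on panid") as already fixing this check. On the logic itself, the old `&&` rejected the request only when the PAN ID and both address attributes were all missing, so an address without a PAN ID passed the check, which matches the case the commit message describes; the rewritten condition requires the PAN ID plus at least one of IEEE802154_ATTR_SHORT_ADDR or IEEE802154_ATTR_HW_ADDR.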
-- 
2.31.1



* Re: [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr
From: Alexander Aring @ 2021-04-23 13:25 UTC (permalink / raw)
  To: Dan Robertson
  Cc: Stefan Schmidt, David S . Miller, linux-wpan - ML,
	open list:NETWORKING [GENERAL]

Hi,

On Fri, 23 Apr 2021 at 00:02, Dan Robertson <dan@dlrobertson.com> wrote:
>
> Fix a logic error that could result in a null deref if the user sets
> the mode incorrectly for the given addr type.
>
> Signed-off-by: Dan Robertson <dan@dlrobertson.com>

Acked-by: Alexander Aring <aahringo@redhat.com>

Thanks.

- Alex


* Re: [PATCH 2/2] net: ieee802154: fix null deref in parse key id
From: Alexander Aring @ 2021-04-23 13:28 UTC (permalink / raw)
  To: Dan Robertson
  Cc: Stefan Schmidt, David S . Miller, linux-wpan - ML,
	open list:NETWORKING [GENERAL]

Hi,

On Fri, 23 Apr 2021 at 00:03, Dan Robertson <dan@dlrobertson.com> wrote:
>
> Fix a logic error that could result in a null deref if the user does not
> set the PAN ID but does set the address.

That should already be fixed by commit 6f7f657f2440 ("net: ieee802154:
nl-mac: fix check on panid").

Thanks.

- Alex


* Re: [PATCH 2/2] net: ieee802154: fix null deref in parse key id
From: Dan Robertson @ 2021-04-23 14:35 UTC (permalink / raw)
  To: Alexander Aring
  Cc: Stefan Schmidt, David S . Miller, linux-wpan - ML,
	open list:NETWORKING [GENERAL]



On Fri, Apr 23, 2021 at 09:28:48AM -0400, Alexander Aring wrote:
> Hi,
> 
> On Fri, 23 Apr 2021 at 00:03, Dan Robertson <dan@dlrobertson.com> wrote:
> >
> > Fix a logic error that could result in a null deref if the user does not
> > set the PAN ID but does set the address.
> 
> That should already be fixed by commit 6f7f657f2440 ("net: ieee802154:
> nl-mac: fix check on panid").

Ah right. I didn't look hard enough for an existing patch :) Thanks!

 - Dan



* Re: [PATCH 2/2] net: ieee802154: fix null deref in parse key id
From: Stefan Schmidt @ 2021-04-23 14:59 UTC (permalink / raw)
  To: Dan Robertson, Alexander Aring
  Cc: David S . Miller, linux-wpan - ML, open list:NETWORKING [GENERAL]

Hello.

On 23.04.21 16:35, Dan Robertson wrote:
> On Fri, Apr 23, 2021 at 09:28:48AM -0400, Alexander Aring wrote:
>> Hi,
>>
>> On Fri, 23 Apr 2021 at 00:03, Dan Robertson <dan@dlrobertson.com> wrote:
>>>
>>> Fix a logic error that could result in a null deref if the user does not
>>> set the PAN ID but does set the address.
>>
>> That should already be fixed by commit 6f7f657f2440 ("net: ieee802154:
>> nl-mac: fix check on panid").
> 
> Ah right. I didn't look hard enough for an existing patch :) Thanks!
> 
>   - Dan
> 

Dropped from my patchwork queue.

regards
Stefan Schmidt


* Re: [PATCH 1/2] net: ieee802154: fix null deref in parse dev addr
From: Stefan Schmidt @ 2021-04-23 15:10 UTC (permalink / raw)
  To: Alexander Aring, Dan Robertson
  Cc: David S . Miller, linux-wpan - ML, open list:NETWORKING [GENERAL]

Hello.

On 23.04.21 15:25, Alexander Aring wrote:
> Hi,
> 
> On Fri, 23 Apr 2021 at 00:02, Dan Robertson <dan@dlrobertson.com> wrote:
>>
>> Fix a logic error that could result in a null deref if the user sets
>> the mode incorrectly for the given addr type.
>>
>> Signed-off-by: Dan Robertson <dan@dlrobertson.com>
> 
> Acked-by: Alexander Aring <aahringo@redhat.com>
> 
> Thanks.
> 
> - Alex
> 


This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!

regards
Stefan Schmidt
