* [PATCH wpan 2/4] net: ieee802154: fix nl802154 del llsec dev
2021-02-21 17:43 [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key Alexander Aring
@ 2021-02-21 17:43 ` Alexander Aring
2021-02-24 13:37 ` Stefan Schmidt
2021-02-21 17:43 ` [PATCH wpan 3/4] net: ieee802154: fix nl802154 add llsec key Alexander Aring
` (3 subsequent siblings)
4 siblings, 1 reply; 10+ messages in thread
From: Alexander Aring @ 2021-02-21 17:43 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVICE is
not set by the user. If this is the case nl802154 will return -EINVAL.
Reported-by: syzbot+d946223c2e751d136c94@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 2f0a138bd5eb..063b12cba71f 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1758,7 +1758,8 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info)
struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
__le64 extended_addr;
- if (nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
+ if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
+ nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
return -EINVAL;
if (!attrs[NL802154_DEV_ATTR_EXTENDED_ADDR])
--
2.26.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH wpan 2/4] net: ieee802154: fix nl802154 del llsec dev
2021-02-21 17:43 ` [PATCH wpan 2/4] net: ieee802154: fix nl802154 del llsec dev Alexander Aring
@ 2021-02-24 13:37 ` Stefan Schmidt
0 siblings, 0 replies; 10+ messages in thread
From: Stefan Schmidt @ 2021-02-24 13:37 UTC (permalink / raw)
To: Alexander Aring; +Cc: linux-wpan, netdev
Hello.
On 21.02.21 18:43, Alexander Aring wrote:
> This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVICE is
> not set by the user. If this is the case nl802154 will return -EINVAL.
>
> Reported-by: syzbot+d946223c2e751d136c94@syzkaller.appspotmail.com
> Signed-off-by: Alexander Aring <aahringo@redhat.com>
> ---
> net/ieee802154/nl802154.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 2f0a138bd5eb..063b12cba71f 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1758,7 +1758,8 @@ static int nl802154_del_llsec_dev(struct sk_buff *skb, struct genl_info *info)
> struct nlattr *attrs[NL802154_DEV_ATTR_MAX + 1];
> __le64 extended_addr;
>
> - if (nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
> + if (!info->attrs[NL802154_ATTR_SEC_DEVICE] ||
> + nla_parse_nested_deprecated(attrs, NL802154_DEV_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVICE], nl802154_dev_policy, info->extack))
> return -EINVAL;
>
> if (!attrs[NL802154_DEV_ATTR_EXTENDED_ADDR])
>
This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH wpan 3/4] net: ieee802154: fix nl802154 add llsec key
2021-02-21 17:43 [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key Alexander Aring
2021-02-21 17:43 ` [PATCH wpan 2/4] net: ieee802154: fix nl802154 del llsec dev Alexander Aring
@ 2021-02-21 17:43 ` Alexander Aring
2021-02-24 13:38 ` Stefan Schmidt
2021-02-21 17:43 ` [PATCH wpan 4/4] net: ieee802154: fix nl802154 del llsec devkey Alexander Aring
` (2 subsequent siblings)
4 siblings, 1 reply; 10+ messages in thread
From: Alexander Aring @ 2021-02-21 17:43 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is
not set by the user. If this is the case nl802154 will return -EINVAL.
Reported-by: syzbot+ce4e062c2d51977ddc50@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 063b12cba71f..3f6d86d63923 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1544,7 +1544,8 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info)
struct ieee802154_llsec_key_id id = { };
u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { };
- if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
+ if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
+ nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
return -EINVAL;
if (!attrs[NL802154_KEY_ATTR_USAGE_FRAMES] ||
--
2.26.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH wpan 3/4] net: ieee802154: fix nl802154 add llsec key
2021-02-21 17:43 ` [PATCH wpan 3/4] net: ieee802154: fix nl802154 add llsec key Alexander Aring
@ 2021-02-24 13:38 ` Stefan Schmidt
0 siblings, 0 replies; 10+ messages in thread
From: Stefan Schmidt @ 2021-02-24 13:38 UTC (permalink / raw)
To: Alexander Aring; +Cc: linux-wpan, netdev
Hello.
On 21.02.21 18:43, Alexander Aring wrote:
> This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is
> not set by the user. If this is the case nl802154 will return -EINVAL.
>
> Reported-by: syzbot+ce4e062c2d51977ddc50@syzkaller.appspotmail.com
> Signed-off-by: Alexander Aring <aahringo@redhat.com>
> ---
> net/ieee802154/nl802154.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 063b12cba71f..3f6d86d63923 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1544,7 +1544,8 @@ static int nl802154_add_llsec_key(struct sk_buff *skb, struct genl_info *info)
> struct ieee802154_llsec_key_id id = { };
> u32 commands[NL802154_CMD_FRAME_NR_IDS / 32] = { };
>
> - if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
> + if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
> + nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
> return -EINVAL;
>
> if (!attrs[NL802154_KEY_ATTR_USAGE_FRAMES] ||
>
This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH wpan 4/4] net: ieee802154: fix nl802154 del llsec devkey
2021-02-21 17:43 [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key Alexander Aring
2021-02-21 17:43 ` [PATCH wpan 2/4] net: ieee802154: fix nl802154 del llsec dev Alexander Aring
2021-02-21 17:43 ` [PATCH wpan 3/4] net: ieee802154: fix nl802154 add llsec key Alexander Aring
@ 2021-02-21 17:43 ` Alexander Aring
2021-02-24 13:39 ` Stefan Schmidt
2021-02-24 13:39 ` Stefan Schmidt
2021-02-23 22:04 ` [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key Jakub Kicinski
2021-02-24 13:37 ` Stefan Schmidt
4 siblings, 2 replies; 10+ messages in thread
From: Alexander Aring @ 2021-02-21 17:43 UTC (permalink / raw)
To: stefan; +Cc: linux-wpan, netdev
This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVKEY is
not set by the user. If this is the case nl802154 will return -EINVAL.
Reported-by: syzbot+368672e0da240db53b5f@syzkaller.appspotmail.com
Signed-off-by: Alexander Aring <aahringo@redhat.com>
---
net/ieee802154/nl802154.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 3f6d86d63923..e9e4652cd592 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1916,7 +1916,8 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
struct ieee802154_llsec_device_key key;
__le64 extended_addr;
- if (nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
+ if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
+ nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
return -EINVAL;
if (!attrs[NL802154_DEVKEY_ATTR_EXTENDED_ADDR])
--
2.26.2
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH wpan 4/4] net: ieee802154: fix nl802154 del llsec devkey
2021-02-21 17:43 ` [PATCH wpan 4/4] net: ieee802154: fix nl802154 del llsec devkey Alexander Aring
@ 2021-02-24 13:39 ` Stefan Schmidt
2021-02-24 13:39 ` Stefan Schmidt
1 sibling, 0 replies; 10+ messages in thread
From: Stefan Schmidt @ 2021-02-24 13:39 UTC (permalink / raw)
To: Alexander Aring; +Cc: linux-wpan, netdev
Hello.
On 21.02.21 18:43, Alexander Aring wrote:
> This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVKEY is
> not set by the user. If this is the case nl802154 will return -EINVAL.
>
> Reported-by: syzbot+368672e0da240db53b5f@syzkaller.appspotmail.com
> Signed-off-by: Alexander Aring <aahringo@redhat.com>
> ---
> net/ieee802154/nl802154.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 3f6d86d63923..e9e4652cd592 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1916,7 +1916,8 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
> struct ieee802154_llsec_device_key key;
> __le64 extended_addr;
>
> - if (nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
> + if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
> + nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
> return -EINVAL;
>
> if (!attrs[NL802154_DEVKEY_ATTR_EXTENDED_ADDR])
>
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH wpan 4/4] net: ieee802154: fix nl802154 del llsec devkey
2021-02-21 17:43 ` [PATCH wpan 4/4] net: ieee802154: fix nl802154 del llsec devkey Alexander Aring
2021-02-24 13:39 ` Stefan Schmidt
@ 2021-02-24 13:39 ` Stefan Schmidt
1 sibling, 0 replies; 10+ messages in thread
From: Stefan Schmidt @ 2021-02-24 13:39 UTC (permalink / raw)
To: Alexander Aring; +Cc: linux-wpan, netdev
Hello.
On 21.02.21 18:43, Alexander Aring wrote:
> This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_DEVKEY is
> not set by the user. If this is the case nl802154 will return -EINVAL.
>
> Reported-by: syzbot+368672e0da240db53b5f@syzkaller.appspotmail.com
> Signed-off-by: Alexander Aring <aahringo@redhat.com>
> ---
> net/ieee802154/nl802154.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 3f6d86d63923..e9e4652cd592 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1916,7 +1916,8 @@ static int nl802154_del_llsec_devkey(struct sk_buff *skb, struct genl_info *info
> struct ieee802154_llsec_device_key key;
> __le64 extended_addr;
>
> - if (nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
> + if (!info->attrs[NL802154_ATTR_SEC_DEVKEY] ||
> + nla_parse_nested_deprecated(attrs, NL802154_DEVKEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_DEVKEY], nl802154_devkey_policy, info->extack))
> return -EINVAL;
>
> if (!attrs[NL802154_DEVKEY_ATTR_EXTENDED_ADDR])
>
This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key
2021-02-21 17:43 [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key Alexander Aring
` (2 preceding siblings ...)
2021-02-21 17:43 ` [PATCH wpan 4/4] net: ieee802154: fix nl802154 del llsec devkey Alexander Aring
@ 2021-02-23 22:04 ` Jakub Kicinski
2021-02-24 13:37 ` Stefan Schmidt
4 siblings, 0 replies; 10+ messages in thread
From: Jakub Kicinski @ 2021-02-23 22:04 UTC (permalink / raw)
To: Alexander Aring, stefan; +Cc: linux-wpan, netdev
On Sun, 21 Feb 2021 12:43:18 -0500 Alexander Aring wrote:
> This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is
> not set by the user. If this is the case nl802154 will return -EINVAL.
>
> Reported-by: syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com
> Signed-off-by: Alexander Aring <aahringo@redhat.com>
Looks like there is a wpan tree, but in recent years Dave just applies
ieee802154 patches directly. I'm going to apply these directly as well,
please let me know if I shouldn't, or more review time is needed.
^ permalink raw reply [flat|nested] 10+ messages in thread
* Re: [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key
2021-02-21 17:43 [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key Alexander Aring
` (3 preceding siblings ...)
2021-02-23 22:04 ` [PATCH wpan 1/4] net: ieee802154: fix nl802154 del llsec key Jakub Kicinski
@ 2021-02-24 13:37 ` Stefan Schmidt
4 siblings, 0 replies; 10+ messages in thread
From: Stefan Schmidt @ 2021-02-24 13:37 UTC (permalink / raw)
To: Alexander Aring; +Cc: linux-wpan, netdev
Hello.
On 21.02.21 18:43, Alexander Aring wrote:
> This patch fixes a nullpointer dereference if NL802154_ATTR_SEC_KEY is
> not set by the user. If this is the case nl802154 will return -EINVAL.
>
> Reported-by: syzbot+ac5c11d2959a8b3c4806@syzkaller.appspotmail.com
> Signed-off-by: Alexander Aring <aahringo@redhat.com>
> ---
> net/ieee802154/nl802154.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 7c5a1aa5adb4..2f0a138bd5eb 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1592,7 +1592,8 @@ static int nl802154_del_llsec_key(struct sk_buff *skb, struct genl_info *info)
> struct nlattr *attrs[NL802154_KEY_ATTR_MAX + 1];
> struct ieee802154_llsec_key_id id;
>
> - if (nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
> + if (!info->attrs[NL802154_ATTR_SEC_KEY] ||
> + nla_parse_nested_deprecated(attrs, NL802154_KEY_ATTR_MAX, info->attrs[NL802154_ATTR_SEC_KEY], nl802154_key_policy, info->extack))
> return -EINVAL;
>
> if (ieee802154_llsec_parse_key_id(attrs[NL802154_KEY_ATTR_ID], &id) < 0)
>
This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!
regards
Stefan Schmidt
^ permalink raw reply [flat|nested] 10+ messages in thread