From: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
To: "Clément Perrochaud" <clement.perrochaud@effinnov.com>,
"Charles Gorand" <charles.gorand@effinnov.com>,
netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
"Sedat Dilek" <sedat.dilek@credativ.de>
Cc: Andrey Konovalov <andreyknvl@google.com>,
Andy Shevchenko <andriy.shevchenko@linux.intel.com>
Subject: [PATCH v4 01/14] NFC: fix attrs checks in netlink interface
Date: Mon, 29 Jul 2019 16:35:01 +0300 [thread overview]
Message-ID: <20190729133514.13164-2-andriy.shevchenko@linux.intel.com> (raw)
In-Reply-To: <20190729133514.13164-1-andriy.shevchenko@linux.intel.com>
From: Andrey Konovalov <andreyknvl@google.com>
nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX
attribute being present, but doesn't check whether it is actually
provided by the user. Same goes for nfc_genl_fw_download() and
NFC_ATTR_FIRMWARE_NAME.
This patch adds appropriate checks.
Found with syzkaller.
Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
---
net/nfc/netlink.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
index 4a30309bb67f..60fd2748d0ea 100644
--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -970,7 +970,8 @@ static int nfc_genl_dep_link_down(struct sk_buff *skb, struct genl_info *info)
int rc;
u32 idx;
- if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
+ if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
+ !info->attrs[NFC_ATTR_TARGET_INDEX])
return -EINVAL;
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
@@ -1018,7 +1019,8 @@ static int nfc_genl_llc_get_params(struct sk_buff *skb, struct genl_info *info)
struct sk_buff *msg = NULL;
u32 idx;
- if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
+ if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
+ !info->attrs[NFC_ATTR_FIRMWARE_NAME])
return -EINVAL;
idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
--
2.20.1
next prev parent reply other threads:[~2019-07-29 14:52 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-29 13:35 [PATCH v4 00/14] NFC: nxp-nci: clean up and new device support Andy Shevchenko
2019-07-29 13:35 ` Andy Shevchenko [this message]
2019-07-29 13:35 ` [PATCH v4 02/14] NFC: nxp-nci: Add NXP1001 to the ACPI ID table Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 03/14] NFC: nxp-nci: Get rid of platform data Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 04/14] NFC: nxp-nci: Convert to use GPIO descriptor Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 05/14] NFC: nxp-nci: Add GPIO ACPI mapping table Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 06/14] NFC: nxp-nci: Get rid of code duplication in ->probe() Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 07/14] NFC: nxp-nci: Get rid of useless label Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 08/14] NFC: nxp-nci: Constify acpi_device_id Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 09/14] NFC: nxp-nci: Drop of_match_ptr() use Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 10/14] NFC: nxp-nci: Drop comma in terminator lines Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 11/14] NFC: nxp-nci: Remove unused macro pr_fmt() Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 12/14] NFC: nxp-nci: Remove 'default n' for the core Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 13/14] NFC: nxp-nci: Clarify on supported chips Andy Shevchenko
2019-07-29 13:35 ` [PATCH v4 14/14] NFC: nxp-nci: Fix recommendation for NFC_NXP_NCI_I2C Kconfig Andy Shevchenko
2019-07-29 15:56 ` [PATCH v4 00/14] NFC: nxp-nci: clean up and new device support David Miller
2019-08-20 21:27 ` Sedat Dilek
2019-08-23 17:20 ` Andy Shevchenko
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190729133514.13164-2-andriy.shevchenko@linux.intel.com \
--to=andriy.shevchenko@linux.intel.com \
--cc=andreyknvl@google.com \
--cc=charles.gorand@effinnov.com \
--cc=clement.perrochaud@effinnov.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=sedat.dilek@credativ.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).