Received: by 2002:a25:ab43:0:0:0:0:0 with SMTP id u61csp2235978ybi;
        Thu, 20 Jun 2019 11:21:14 -0700 (PDT)
X-Google-Smtp-Source: APXvYqytEva0RvffwnGp7ZZDSssO+7xO0zRamRrpowXXJUnCl5dmwl+tBvSil6NPSpxASjl0nvg9
X-Received: by 2002:a17:902:7087:: with SMTP id z7mr14344298plk.184.1561054874049;
        Thu, 20 Jun 2019 11:21:14 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1561054874; cv=none;
        d=google.com; s=arc-20160816;
        b=UHpRk5nO0OG6oImb0cT2q70goRWRaMC+L38/1/gD7E+1spJ4ChlDjidmaP8HwGqDLN
         d6UBxPIRG5UfVA7cLR4xqLyqhkc+wP3haTq3VrC+/B/2g2yQwz5T22GNw0tpOONfqTbU
         +sl96d+qLqBWEIe8I4NxYmCnTaPwvvTM4vHye0DJ3QUNE4NsvamlSSH0Is/iQLQ0Tulj
         SKiQ7VDMP5y4P935gKycl9N9hKYsaFespBxrcBX3KEdAZc3+y4iQJ59M0BwlQNEJew2q
         f8mHXVlIRDMIjc3yViA4GuPEGDn/+/q4kBJBCdCtpUdLCZxMo//QLLbJeyxrq/LWcgSh
         leSg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=0hsdpolfHOdUtJOxnkYNf8jAILaGYQBkNFj//pIrsKA=;
        b=GgQEufwu+48f1eXc68jYPoCHK2liY4yrMaYsv8iIu0vROZ8Dkh8lWh60GYEH7RDNTh
         ynVc3rUYxAWHd/Rk/yh5oeSoqkB/9pr1NMMSFjVVMGf7mAjJV0sHCKfghHZ+Urw8Ad04
         MMdB5QxBpwNhhHg/WkcvGbMK55GPDtmm7tixpVeuF59K0E4iHid7lEvkmy2OWyFcm06+
         45cUyBB0VD81IPj2CUPqEq6AVsaqOjzF4DDfQ4pwwgGo+TP3xRGz1SkYWfYNFealojns
         lObSskcsXGF+oYrq5XFPwI19xxJMAyI12Qtfk/Fee4jMj/csZubod3ecmN0mz8N19KbG
         6kaA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=slbr1RpD;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y14si392345pjr.88.2019.06.20.11.20.59;
        Thu, 20 Jun 2019 11:21:14 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=slbr1RpD;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729192AbfFTSNM (ORCPT <rfc822;mohamedabbas.us@gmail.com>
        + 99 others); Thu, 20 Jun 2019 14:13:12 -0400
Received: from mail.kernel.org ([198.145.29.99]:41042 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728638AbfFTSNG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 20 Jun 2019 14:13:06 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 08396205F4;
        Thu, 20 Jun 2019 18:13:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1561054386;
        bh=XSmt2kupemjqB1GXrcptmo3Q9SLtuR3ACvyPs23UnSo=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=slbr1RpDYoE18+S01DISYibGpDHMryGNT0xJnQz39AMSm7GOyPIAyHgUWWN9P6TnY
         z1uU8X0I2WiCTQnezUcOYZFJhD6fGIRkj+Ji7x4BXFpxm4obhwpP1hQEX6r8XT3Ayn
         RZLAGWXxrPMJRGOlfz0IQ6Mmk0kvGTHTI/GGGbxs=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Young Xiao <92siuyang@gmail.com>,
        "David S. Miller" <davem@davemloft.net>
Subject: [PATCH 5.1 11/98] nfc: Ensure presence of required attributes in the deactivate_target handler
Date:   Thu, 20 Jun 2019 19:56:38 +0200
Message-Id: <20190620174349.861479740@linuxfoundation.org>
X-Mailer: git-send-email 2.22.0
In-Reply-To: <20190620174349.443386789@linuxfoundation.org>
References: <20190620174349.443386789@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Young Xiao <92siuyang@gmail.com>

[ Upstream commit 385097a3675749cbc9e97c085c0e5dfe4269ca51 ]

Check that the NFC_ATTR_TARGET_INDEX attributes (in addition to
NFC_ATTR_DEVICE_INDEX) are provided by the netlink client prior to
accessing them. This prevents potential unhandled NULL pointer dereference
exceptions which can be triggered by malicious user-mode programs,
if they omit one or both of these attributes.

Signed-off-by: Young Xiao <92siuyang@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/nfc/netlink.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/net/nfc/netlink.c
+++ b/net/nfc/netlink.c
@@ -922,7 +922,8 @@ static int nfc_genl_deactivate_target(st
 	u32 device_idx, target_idx;
 	int rc;
 
-	if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
+	if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
+	    !info->attrs[NFC_ATTR_TARGET_INDEX])
 		return -EINVAL;
 
 	device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);