Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp3390425ybp; Sun, 6 Oct 2019 10:53:23 -0700 (PDT) X-Google-Smtp-Source: APXvYqx9UKQvbjm4w20ZlZrHrEYRetYlphQooFjHtLkDXB+ztN17mNI7n8ol1Vf9hUMYJpziQ+VT X-Received: by 2002:a17:906:3108:: with SMTP id 8mr20948446ejx.11.1570384403102; Sun, 06 Oct 2019 10:53:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570384403; cv=none; d=google.com; s=arc-20160816; b=eMetnenRfbaY2XH0MPnxqhSPhIvr59P6zZddmKaZ5lX+xuNSYK+Pe0h/p7D+AMEwLN ut5Sy0mCD9Tr04VLZ2ELeoPNCI3Hz1VYnZroLWpgzBPGfcnC+O8l5WQe7MtOoL0v3oKv U8gmUSD+xHTrgGE7ZquMp5Y08MHSQEa7lFeaflhYhEnRZihZH9r5gWyj/8ESeoGdguOp FrrsyObiOAepL/eLqvqglLOgaWGe61GUWf/60Gl1+QixuWTeXBNjlsblIbrdGq1hajpZ xlEcnUOVS4U+IgsPEmU4yzTU/c9kVn022RDBF0PJDnTMjIqcVz+ZRY+jkY29dyOa7A1R bz6A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Fwxgl/B6yLiKtlev9ctpVkb5ibw7wZfhGOhdGSpmdLI=; b=FwlTosNsoelgptklWJnC/i/lOG9Y7A0wx0i1LHzBQgJTQztgQLvh5GqMHbrClv+oBk QgZs8Da4XKUKGXDXpGQYRZ0L7aDiu7LRcNApaKB5MIpdVVyOdK+Rzf40YS2vI/l2Kwyl cESwD+DVxzD4xmdCxY8W0CcE9gba+hCFTa8stazzP2q/xIt6w8CL46v7oVFGg9bIj9C5 Rg7bg/spNWCG5J/9flO4sR9G61APpIWuWVGH5XI+fqzK/xcdGYAhe9Uzw3VDwr442XCV EAcglqFo7wybhFIGaC2xLXt7YFcELf3dsdo+yyTD0jz9YmCjrU4mpUPbfbBISNEzTQAV nIqw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jYL0fCWS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g31si7690393eda.399.2019.10.06.10.52.59; Sun, 06 Oct 2019 10:53:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=jYL0fCWS; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727981AbfJFRi5 (ORCPT + 99 others); Sun, 6 Oct 2019 13:38:57 -0400 Received: from mail.kernel.org ([198.145.29.99]:38350 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730701AbfJFRiz (ORCPT ); Sun, 6 Oct 2019 13:38:55 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id B7B2C2053B; Sun, 6 Oct 2019 17:38:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1570383535; bh=QYuncw7U6eCu+v+lSMJpPfdq8LmiWt9sdzhJZ8oWmNQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=jYL0fCWSR4lmYw0FynYFKi31rD4FeunxtEIcgaCHZbc88WB2d/LpMIwvlqGsYKYdN ezCerJr2lmfxtXsPaViGAee7K1e1xcQ2YOxk+HCnVHUsNami2sPMYUpU/y/pImTHc1 mSN/DHbLrsjMDIC43dx+vZnmP5SF0KGhmyGHnJzM= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Andrey Konovalov , Andy Shevchenko , "David S. Miller" Subject: [PATCH 5.2 133/137] NFC: fix attrs checks in netlink interface Date: Sun, 6 Oct 2019 19:21:57 +0200 Message-Id: <20191006171220.461067562@linuxfoundation.org> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20191006171209.403038733@linuxfoundation.org> References: <20191006171209.403038733@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Andrey Konovalov commit 18917d51472fe3b126a3a8f756c6b18085eb8130 upstream. nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX attribute being present, but doesn't check whether it is actually provided by the user. Same goes for nfc_genl_fw_download() and NFC_ATTR_FIRMWARE_NAME. This patch adds appropriate checks. Found with syzkaller. Signed-off-by: Andrey Konovalov Signed-off-by: Andy Shevchenko Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/nfc/netlink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -970,7 +970,8 @@ static int nfc_genl_dep_link_down(struct int rc; u32 idx; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_TARGET_INDEX]) return -EINVAL; idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); @@ -1018,7 +1019,8 @@ static int nfc_genl_llc_get_params(struc struct sk_buff *msg = NULL; u32 idx; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_FIRMWARE_NAME]) return -EINVAL; idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);