Message ID | 75ce3040b4086ffa2d2e088ad7f24f5e4a87be56.1523552145.git.andreyknvl@google.com |
---|---|
State | Awaiting Upstream, archived |
Delegated to: | David Miller |
Series | NFC: fix attrs checks in netlink interface |
Hi Andrey,

On Thu, Apr 12, 2018 at 06:56:56PM +0200, Andrey Konovalov wrote:
> nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX
> attribute being present, but doesn't check whether it is actually
> provided by the user. Same goes for nfc_genl_fw_download() and
> NFC_ATTR_FIRMWARE_NAME.
>
> This patch adds appropriate checks.
>
> Found with syzkaller.
>
> Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> ---
>  net/nfc/netlink.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)

Thanks, applied to nfc-next.

Cheers,
Samuel.
On Mon, Jun 4, 2018 at 6:29 AM Samuel Ortiz <sameo@linux.intel.com> wrote:
>
> Hi Andrey,
>
> On Thu, Apr 12, 2018 at 06:56:56PM +0200, Andrey Konovalov wrote:
> > nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX
> > attribute being present, but doesn't check whether it is actually
> > provided by the user. Same goes for nfc_genl_fw_download() and
> > NFC_ATTR_FIRMWARE_NAME.
> >
> > This patch adds appropriate checks.
> >
> > Found with syzkaller.
> >
> > Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> > ---
> >  net/nfc/netlink.c | 6 ++++--
> >  1 file changed, 4 insertions(+), 2 deletions(-)
>
> Thanks, applied to nfc-next.

Hi Samuel,

It's been 6 months and this fix is still not in mainline. Did it get lost?

Thanks!

>
> Cheers,
> Samuel.
From: Andrey Konovalov <andreyknvl@google.com>
Date: Wed, Jan 2, 2019 at 4:30 PM
To: Samuel Ortiz
Cc: David S. Miller, <linux-wireless@vger.kernel.org>, netdev, LKML, Dmitry Vyukov, Kostya Serebryany

> On Mon, Jun 4, 2018 at 6:29 AM Samuel Ortiz <sameo@linux.intel.com> wrote:
> >
> > Hi Andrey,
> >
> > On Thu, Apr 12, 2018 at 06:56:56PM +0200, Andrey Konovalov wrote:
> > > nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX
> > > attribute being present, but doesn't check whether it is actually
> > > provided by the user. Same goes for nfc_genl_fw_download() and
> > > NFC_ATTR_FIRMWARE_NAME.
> > >
> > > This patch adds appropriate checks.
> > >
> > > Found with syzkaller.
> > >
> > > Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
> > > ---
> > >  net/nfc/netlink.c | 6 ++++--
> > >  1 file changed, 4 insertions(+), 2 deletions(-)
> >
> > Thanks, applied to nfc-next.
>
> Hi Samuel,
>
> It's been 6 months and this fix is still not in mainline. Did it get lost?

More than a year has passed since I sent this patch, and it's still sitting in the nfc-next tree, which hasn't been updated since June last year. Did NFC stop being maintained?

> Thanks!
>
> >
> > Cheers,
> > Samuel.
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index f018eafc2a0d..58adfb0c90f6 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -936,7 +936,8 @@ static int nfc_genl_deactivate_target(struct sk_buff *skb, u32 device_idx, target_idx; int rc; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_TARGET_INDEX]) return -EINVAL; device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); @@ -1245,7 +1246,8 @@ static int nfc_genl_fw_download(struct sk_buff *skb, struct genl_info *info) u32 idx; char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_FIRMWARE_NAME]) return -EINVAL; idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
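Review bot: in nfc_genl_deactivate_target() the new condition only proves that NFC_ATTR_TARGET_INDEX is present, and the read into target_idx falls outside the hunk's context, so it is not visible here that the value is fetched with a fixed-width accessor like the nla_get_u32() used for NFC_ATTR_DEVICE_INDEX on the next line. Please confirm that, and consider stating in the changelog what happens without the check (the syzkaller report or crash signature) along with a Fixes: tag, so the change can be matched to the trees that need it.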
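Review bot: in nfc_genl_fw_download() the added `!info->attrs[NFC_ATTR_FIRMWARE_NAME]` test guards against a missing attribute but says nothing about its length, while the destination declared just above it is the fixed-size `char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]`. The copy itself is outside the hunk, so please confirm that it is bounded by sizeof(firmware_name) and NUL-terminated, and that a user-supplied name longer than NFC_FIRMWARE_NAME_MAXSIZE is rejected or truncated deliberately rather than silently.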
nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX
attribute being present, but doesn't check whether it is actually
provided by the user. Same goes for nfc_genl_fw_download() and
NFC_ATTR_FIRMWARE_NAME.

This patch adds appropriate checks.

Found with syzkaller.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
---
 net/nfc/netlink.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)