From patchwork Thu Apr 12 16:56:56 2018
X-Patchwork-Submitter: Andrey Konovalov
X-Patchwork-Id: 897743
X-Patchwork-Delegate: davem@davemloft.net
From: Andrey Konovalov
To: Samuel Ortiz, "David S . Miller", linux-wireless@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Dmitry Vyukov, Kostya Serebryany, Andrey Konovalov
Subject: [PATCH] NFC: fix attrs checks in netlink interface
Date: Thu, 12 Apr 2018 18:56:56 +0200
Message-Id: <75ce3040b4086ffa2d2e088ad7f24f5e4a87be56.1523552145.git.andreyknvl@google.com>
X-Mailing-List: netdev@vger.kernel.org

nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX attribute being present, but doesn't check whether it is actually provided by the user. Same goes for nfc_genl_fw_download() and NFC_ATTR_FIRMWARE_NAME.

This patch adds appropriate checks.

Found with syzkaller.

Signed-off-by: Andrey Konovalov --- net/nfc/netlink.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index f018eafc2a0d..58adfb0c90f6 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -936,7 +936,8 @@ static int nfc_genl_deactivate_target(struct sk_buff *skb, u32 device_idx, target_idx; int rc; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_TARGET_INDEX]) return -EINVAL; device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); @@ -1245,7 +1246,8 @@ static int nfc_genl_fw_download(struct sk_buff *skb, struct genl_info *info) u32 idx; char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_FIRMWARE_NAME]) return -EINVAL; idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
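Review bot: in the nfc_genl_deactivate_target() hunk the added test only shows that NFC_ATTR_TARGET_INDEX is non-NULL, not that its payload is the 4 bytes the u32 target_idx declared in the context expects. Please confirm that the family's netlink policy declares this attribute as NLA_U32, or add that entry in the same patch, so a short attribute is rejected before the handler reads it. Since the commit message credits syzkaller, a Fixes: tag and the crash report would also tell stable maintainers which releases need this.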
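Review bot: in the nfc_genl_fw_download() hunk the new test covers the presence of NFC_ATTR_FIRMWARE_NAME but not its length, and the context shows the destination is a fixed stack buffer, char firmware_name[NFC_FIRMWARE_NAME_MAXSIZE + 1]. Please state in the commit message, or show in wider context, that the copy below this check is bounded by sizeof(firmware_name) and leaves the buffer NUL-terminated, so that a user-supplied name longer than NFC_FIRMWARE_NAME_MAXSIZE is rejected or truncated rather than written past the array.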