ACK: [PATCH 1/1] nfc: Ensure presence of required attributes in the deactivate_target handler
Connor Kuehl
connor.kuehl at canonical.com
Thu Jul 11 17:48:16 UTC 2019
On 7/9/19 11:12 PM, Tyler Hicks wrote:
> From: Young Xiao <92siuyang at gmail.com>
>
> Check that the NFC_ATTR_TARGET_INDEX attributes (in addition to
> NFC_ATTR_DEVICE_INDEX) are provided by the netlink client prior to
> accessing them. This prevents potential unhandled NULL pointer dereference
> exceptions which can be triggered by malicious user-mode programs,
> if they omit one or both of these attributes.
>
> Signed-off-by: Young Xiao <92siuyang at gmail.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
>
> CVE-2019-12984
>
> (cherry picked from commit 385097a3675749cbc9e97c085c0e5dfe4269ca51)
> Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
Acked-by: Connor Kuehl <connor.kuehl at canonical.com>
> ---
> net/nfc/netlink.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
> index 376181cc1def..9f2875efb4ac 100644
> --- a/net/nfc/netlink.c
> +++ b/net/nfc/netlink.c
> @@ -922,7 +922,8 @@ static int nfc_genl_deactivate_target(struct sk_buff *skb,
> u32 device_idx, target_idx;
> int rc;
>
> - if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
> + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
> + !info->attrs[NFC_ATTR_TARGET_INDEX])
> return -EINVAL;
>
> device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
>
More information about the kernel-team
mailing list