| Message ID | 8a44ed2afb2f02be34d57d56c6836a5b911bffb0.1702404519.git.code@siddh.me |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:bcd1:0:b0:403:3b70:6f57 with SMTP id r17csp7930448vqy;
Tue, 12 Dec 2023 10:50:08 -0800 (PST)
X-Google-Smtp-Source:
AGHT+IE+Wl7N0b9YUsMlsTCjcawU5kAEjkv7skH4B1H6SYM+9HrWjWQ+ch+uoGoO77hQbmJ48GE8
X-Received: by 2002:a17:903:41cf:b0:1c6:11ca:8861 with SMTP id
u15-20020a17090341cf00b001c611ca8861mr7816092ple.21.1702407007950;
Tue, 12 Dec 2023 10:50:07 -0800 (PST)
ARC-Seal: i=2; a=rsa-sha256; t=1702407007; cv=pass;
d=google.com; s=arc-20160816;
b=XZcaZoCVkyCv7x6tTSCULILt+MP/BZIDVNA7EAPWSclB7AHbUZTmLyhJ86Mlzni0m/
EVM7v/zNvaX2OpMzds5kTdq1HVwH8hcFEeLmpaySJ0z35q+Zeinou5kMgPmwsW+fngL8
BIgbs8B8E46y4xaj7Ag1ZD4VtlpjKxqkuKBlOHy3o1ReIWUu9fHI2FD/Oc3bT3OclwLn
gIaaCrJwvc30oCOFQawPcDUn7JlsmDVuWA4cSnpsOVS8AGLM1laqydXbA6A46TM2mej1
fUrnpxISif+z8gfkEl9vXSM767pDJeS7CacbgpVlcyn8KU3k7qJWei23s87IFINbgcsF
Femg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:content-transfer-encoding:mime-version
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature;
bh=Scp3IrJnE67ltgIhAprfULm6HsQ/s5KxrhhmK7w7AQs=;
fh=RACn3Dz57j2O2Diwusdo+qDZ4fbRHVAux3E9Xar2zXI=;
b=Oeo5wpDa2bkgrqgy0FDqkd1hDKvCc18mzyzCrglRPGtgsHrqZgCdMyMkz+JmI2ydcV
3536WYLjXDMITYKuX52FOf5rXdPyZNh5bk1M2Bq5FLT6HyPf3mW+kcMukQBdEmdwtihV
yWpB5X7EpP72sBG3DEXTc/ku7LCxomafYx9JyA1Nbh1K26w87qYYdhHOcLsgjurH1o2m
K3dxLFYmvfKn7B3EWN+DBO2+WM6GRa0fmPeoofo4Tmp7D1M3xFjhMfqfUUwEK8CQYo1U
YGvySQ2+tP5RU7PjtlroLjD92JxCWTS+UzZNVIdRaglzVaHlX1w6asRchpQOasLgs+Il
RCRA==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@siddh.me header.s=zmail header.b=k0wHo+ms;
arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me
dmarc=pass fromdomain=siddh.me>);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me
Received: from morse.vger.email (morse.vger.email. [23.128.96.31])
by mx.google.com with ESMTPS id
x3-20020a1709027c0300b001cfd0495291si8126105pll.524.2023.12.12.10.50.07
(version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
Tue, 12 Dec 2023 10:50:07 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender) client-ip=23.128.96.31;
Authentication-Results: mx.google.com;
dkim=pass header.i=@siddh.me header.s=zmail header.b=k0wHo+ms;
arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me
dmarc=pass fromdomain=siddh.me>);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 23.128.96.31 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me
Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0])
by morse.vger.email (Postfix) with ESMTP id DE1C180E6C50;
Tue, 12 Dec 2023 10:50:04 -0800 (PST)
X-Virus-Status: Clean
X-Virus-Scanned: clamav-milter 0.103.11 at morse.vger.email
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S1376674AbjLLStw (ORCPT <rfc822;dexuan.linux@gmail.com>
+ 99 others); Tue, 12 Dec 2023 13:49:52 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40900 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S1376623AbjLLStu (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Tue, 12 Dec 2023 13:49:50 -0500
Received: from sender-of-o51.zoho.in (sender-of-o51.zoho.in [103.117.158.51])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E6C31CF;
Tue, 12 Dec 2023 10:49:55 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1702406967; cv=none;
d=zohomail.in; s=zohoarc;
b=XpzMMmouJS+8v/yHAlGE+Vj0dS7q19omTsyt9qq81XP91R//5rD+1t86xedine7cqif/Nq0aOuXshoneQ9G7tgDrHYqmK9+DsX3pV8+dYuAodaA/wJA6geCRnPBYTu/2Fc2xdIZBrf3DFXPD8TPCxRLgOBzRYO8BN482GlestYI=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.in;
s=zohoarc;
t=1702406967;
h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To;
bh=Scp3IrJnE67ltgIhAprfULm6HsQ/s5KxrhhmK7w7AQs=;
b=YlEi3Tx5nLg4cA0rF76WQsConbJT/jLXHHC0VjA4KY45oHiqQXyM5SRuQMJc0UK8+FwF4VFyHB8sUZ7Z3QqK7Tx+CdQkkSOck2jiW2FoJ29EB7rpZmL2Iw/oA7tmoa3woKo67DHNGLXWT7S5oFn5nxNxToqjh2zy1Qi5JvvlUxE=
ARC-Authentication-Results: i=1; mx.zohomail.in;
dkim=pass header.i=siddh.me;
spf=pass smtp.mailfrom=code@siddh.me;
dmarc=pass header.from=<code@siddh.me>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1702406967;
s=zmail; d=siddh.me; i=code@siddh.me;
h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-ID:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Message-Id:Reply-To;
bh=Scp3IrJnE67ltgIhAprfULm6HsQ/s5KxrhhmK7w7AQs=;
b=k0wHo+mshJJqA16AI3bcFJ/7cbLuMAXKkpgdSDg5+800Pq4Dqtac8nanoCvjXxoa
bTyb6S6oc0RmxKM4qHgU0UyhJRY/bYQ/zL6N49CZ3L2J3Xg7jHHUd3J8mOLsA9fQSsk
SCRBvYdf3vgFvgEtvAZLj5bgT3/YYrKuhlnY4g5c=
Received: from kampyooter.. (182.69.31.144 [182.69.31.144]) by mx.zoho.in
with SMTPS id 1702406966251239.8701045805791;
Wed, 13 Dec 2023 00:19:26 +0530 (IST)
From: Siddh Raman Pant <code@siddh.me>
To: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>,
Paolo Abeni <pabeni@redhat.com>,
Suman Ghosh <sumang@marvell.com>
Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH net-next v5 2/2] nfc: Do not send datagram if socket state
isn't LLCP_BOUND
Date: Wed, 13 Dec 2023 00:19:20 +0530
Message-ID:
<8a44ed2afb2f02be34d57d56c6836a5b911bffb0.1702404519.git.code@siddh.me>
X-Mailer: git-send-email 2.42.0
In-Reply-To: <cover.1702404519.git.code@siddh.me>
References: <cover.1702404519.git.code@siddh.me>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-ZohoMailClient: External
X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID,
DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,
SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable
autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on morse.vger.email
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-Greylist: Sender passed SPF test,
not delayed by milter-greylist-4.6.4 (morse.vger.email [0.0.0.0]);
Tue, 12 Dec 2023 10:50:05 -0800 (PST)
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-THRID: 1785103130890458435
X-GMAIL-MSGID: 1785103130890458435
|
| Series |
nfc: Fix UAF during datagram sending caused by missing refcounting
|
|
Commit Message
Siddh Raman Pant
Dec. 12, 2023, 6:49 p.m. UTC
As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant <code@siddh.me> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Reviewed-by: Suman Ghosh <sumang@marvell.com> --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 645677f84dba..819157bbb5a2 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -796,6 +796,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name);