From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:33824 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751977AbdGYTU6 (ORCPT ); Tue, 25 Jul 2017 15:20:58 -0400 From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Mateusz Jurczyk , Kees Cook , Samuel Ortiz Subject: [PATCH 4.9 015/125] nfc: Ensure presence of required attributes in the activate_target handler Date: Tue, 25 Jul 2017 12:18:50 -0700 Message-Id: <20170725192015.038003553@linuxfoundation.org> In-Reply-To: <20170725192014.314851996@linuxfoundation.org> References: <20170725192014.314851996@linuxfoundation.org> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: stable-owner@vger.kernel.org List-ID: 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Mateusz Jurczyk commit a0323b979f81ad2deb2c8836eab506534891876a upstream. Check that the NFC_ATTR_TARGET_INDEX and NFC_ATTR_PROTOCOLS attributes (in addition to NFC_ATTR_DEVICE_INDEX) are provided by the netlink client prior to accessing them. This prevents potential unhandled NULL pointer dereference exceptions which can be triggered by malicious user-mode programs, if they omit one or both of these attributes. Signed-off-by: Mateusz Jurczyk Acked-by: Kees Cook Signed-off-by: Samuel Ortiz Signed-off-by: Greg Kroah-Hartman --- net/nfc/netlink.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -910,7 +910,9 @@ static int nfc_genl_activate_target(stru u32 device_idx, target_idx, protocol; int rc; - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || + !info->attrs[NFC_ATTR_TARGET_INDEX] || + !info->attrs[NFC_ATTR_PROTOCOLS]) return -EINVAL; device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);