Hi Cong, On Fri, Jan 29, 2016 at 11:37:40AM -0800, Cong Wang wrote: > llcp_sock_getname() checks llcp_sock->dev to make sure > llcp_sock is already connected or bound, however, we could > be in the middle of llcp_sock_bind() where llcp_sock->dev > is bound and llcp_sock->service_name_len is set, > but llcp_sock->service_name is not, in this case we would > lead to copy some bytes from a NULL pointer. > > Just lock the sock since this is not a hot path anyway. > > Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx> > Cc: Lauro Ramos Venancio <lauro.venancio@xxxxxxxxxxxxx> > Cc: Aloisio Almeida Jr <aloisio.almeida@xxxxxxxxxxxxx> > Cc: Samuel Ortiz <sameo@xxxxxxxxxxxxxxx> > Signed-off-by: Cong Wang <xiyou.wangcong@xxxxxxxxx> > --- > net/nfc/llcp_sock.c | 6 ++++++ > 1 file changed, 6 insertions(+) Applied as well, thanks. Cheers, Samuel. -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
