On Wed, May 24, 2017 at 3:42 AM, Mateusz Jurczyk <mjurczyk@xxxxxxxxxx> wrote: > Check that the NFC_ATTR_TARGET_INDEX and NFC_ATTR_PROTOCOLS attributes (in > addition to NFC_ATTR_DEVICE_INDEX) are provided by the netlink client > prior to accessing them. This prevents potential unhandled NULL pointer > dereference exceptions which can be triggered by malicious user-mode > programs, if they omit one or both of these attributes. > > Signed-off-by: Mateusz Jurczyk <mjurczyk@xxxxxxxxxx> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> -Kees > --- > net/nfc/netlink.c | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c > index 6b0850e63e09..b251fb936a27 100644 > --- a/net/nfc/netlink.c > +++ b/net/nfc/netlink.c > @@ -907,7 +907,9 @@ static int nfc_genl_activate_target(struct sk_buff *skb, struct genl_info *info) > u32 device_idx, target_idx, protocol; > int rc; > > - if (!info->attrs[NFC_ATTR_DEVICE_INDEX]) > + if (!info->attrs[NFC_ATTR_DEVICE_INDEX] || > + !info->attrs[NFC_ATTR_TARGET_INDEX] || > + !info->attrs[NFC_ATTR_PROTOCOLS]) > return -EINVAL; > > device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]); > -- > 2.13.0.219.gdb65acc882-goog > -- Kees Cook Pixel Security
