author: Sasha Levin <levinsasha928@gmail.com> 2012-06-06 23:02:55 +0200
committer: John W. Linville <linville@tuxdriver.com> 2012-06-08 19:47:07 +0200
commit: 58d1eab7ef1d7ff8e448699dfd1a21b7f3303296
tree: 6221c2536b5283fadc7f64bd3e2ae57dfa50dfbc
parent: iwlwifi: disable the buggy chain extension feature in HW
NFC: Fix possible NULL ptr deref when getting the name of a socket
llcp_sock_getname() might get called before the LLCP socket was created. This condition isn't checked, and llcp_sock_getname will simply deref a NULL ptr in that case. This exists starting with d646960 ("NFC: Initial LLCP support").

Signed-off-by: Sasha Levin <levinsasha928@gmail.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
-rw-r--r-- net/nfc/llcp/sock.c 3
1 files changed, 3 insertions, 0 deletions
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 3f339b19d140..17a707db40eb 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -292,6 +292,9 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
pr_debug("%p\n", sk);
+ if (llcp_sock == NULL)
+ return -EBADFD;
+
addr->sa_family = AF_NFC;
*len = sizeof(struct sockaddr_nfc_llcp);
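Review bot: The added NULL check after pr_debug() has no comment saying when llcp_sock can be NULL at this point; the reason (getname being called before the LLCP socket was created) is recorded only in the commit message, so a one-line comment above `if (llcp_sock == NULL)` would keep that reasoning next to the code. As a style point, checkpatch in strict mode prefers `if (!llcp_sock)` over the explicit comparison. The placement itself is sound: the early `return -EBADFD;` sits ahead of the writes to addr->sa_family and *len, so the caller's output arguments stay untouched on the error path.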