[PATCH] nfc/nci: fix uaf in nfc_alloc_send_skb

From: Lizhi Xu
Date: Thu Nov 09 2023 - 08:31:26 EST


After the NFC device has been released, nfc_llcp_sock->local should be set to NULL
so that the socket no longer references a device that has gone away.

Signed-off-by: Lizhi Xu <lizhi.xu@xxxxxxxxxxxxx>
---
net/nfc/llcp_core.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c
index 1dac28136e6a..024cbba26fc8 100644
--- a/net/nfc/llcp_core.c
+++ b/net/nfc/llcp_core.c
@@ -102,6 +102,7 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device,
accept_sk->sk_state_change(sk);

bh_unlock_sock(accept_sk);
+ lsk->local = NULL;
}
}

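Review bot: The new `lsk->local = NULL;` store is issued after `bh_unlock_sock(accept_sk)`, so nothing orders it against a process-context user of the same socket that has already loaded `local` under lock_sock(); that user can still dereference the stale pointer, which narrows the use-after-free window named in the subject rather than closing it, and the same applies to `llcp_sock->local = NULL;` placed after `bh_unlock_sock(sk)` in the second hunk. As far as I recall, `local` is acquired elsewhere in this file with nfc_llcp_local_get() and released with nfc_llcp_local_put() from the socket destructor, so overwriting the pointer with NULL without dropping that reference would appear to leak it — please verify against llcp_sock_destruct(). A shape that closes the race would clear `local` while the socket lock is still held and drop the reference in the same step (e.g. `nfc_llcp_local_put(lsk->local); lsk->local = NULL;` before the unlock), or keep the nfc_dev pinned for as long as the socket holds `local` so the object cannot be freed underneath a reader. Both hunks sit inside nfc_llcp_socket_release(), whose body starts before the first hunk and continues past the second.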
@@ -113,6 +114,7 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device,
bh_unlock_sock(sk);

sk_del_node_init(sk);
+ llcp_sock->local = NULL;
}

write_unlock(&local->sockets.lock);
--
2.25.1