NFC: Fix possible NULL ptr deref when getting the name of a socket

llcp_sock_getname() might get called before the LLCP socket was created. This condition isn't checked, and llcp_sock_getname will simply deref a NULL ptr in that case. This exists starting with d646960 ("NFC: Initial LLCP support"). Signed-off-by: Sasha Levin <levinsasha928@gmail.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
author: Sasha Levin <levinsasha928@gmail.com> 2012-06-06 17:02:55 -0400
committer: John W. Linville <linville@tuxdriver.com> 2012-06-08 13:47:07 -0400
commit: 58d1eab7ef1d7ff8e448699dfd1a21b7f3303296 (patch)
tree: 6221c2536b5283fadc7f64bd3e2ae57dfa50dfbc /net/nfc
parent: d012d04e4d6312ea157b6cf19e9689af934f5aa7 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 3f339b19d140..17a707db40eb 100644
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -292,6 +292,9 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
        pr_debug("%p\n", sk);
+        if (llcp_sock == NULL)
+                return -EBADFD;
        addr->sa_family = AF_NFC;
        *len = sizeof(struct sockaddr_nfc_llcp);
author	Sasha Levin <levinsasha928@gmail.com>	2012-06-06 17:02:55 -0400
committer	John W. Linville <linville@tuxdriver.com>	2012-06-08 13:47:07 -0400
commit	58d1eab7ef1d7ff8e448699dfd1a21b7f3303296 (patch)
tree	6221c2536b5283fadc7f64bd3e2ae57dfa50dfbc /net/nfc
parent	d012d04e4d6312ea157b6cf19e9689af934f5aa7 (diff)

diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c index 3f339b19d140..17a707db40eb 100644 --- a/net/nfc/llcp/sock.c +++ b/net/nfc/llcp/sock.c
@@ -292,6 +292,9 @@ static int llcp_sock_getname(struct socket sock, struct sockaddr addr,
292		292
293	pr_debug("%p\n", sk);	293	pr_debug("%p\n", sk);
294		294
		295	if (llcp_sock == NULL)
		296	return -EBADFD;
		297
295	addr->sa_family = AF_NFC;	298	addr->sa_family = AF_NFC;
296	*len = sizeof(struct sockaddr_nfc_llcp);	299	*len = sizeof(struct sockaddr_nfc_llcp);
297		300