lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date:   Mon, 21 Jan 2019 22:51:57 +0800
From:   Yang Wei <albin_yang@....com>
To:     linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Cc:     sameo@...ux.intel.com, davem@...emloft.net, yang.wei9@....com.cn,
        Yang Wei <albin_yang@....com>
Subject: [PATCH] nfc: fix potential illegal memory access

The frags_q is used before __skb_queue_head_init when conn_info is
NULL. It may result in illegal memory access.

Signed-off-by: Yang Wei <yang.wei9@....com.cn>
---
 net/nfc/nci/data.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/nfc/nci/data.c b/net/nfc/nci/data.c
index 908f25e..8948341 100644
--- a/net/nfc/nci/data.c
+++ b/net/nfc/nci/data.c
@@ -116,14 +116,14 @@ static int nci_queue_tx_data_frags(struct nci_dev *ndev,
 
 	pr_debug("conn_id 0x%x, total_len %d\n", conn_id, total_len);
 
+	__skb_queue_head_init(&frags_q);
+
 	conn_info = nci_get_conn_info_by_conn_id(ndev, conn_id);
 	if (!conn_info) {
 		rc = -EPROTO;
 		goto free_exit;
 	}
 
-	__skb_queue_head_init(&frags_q);
-
 	while (total_len) {
 		frag_len =
 			min_t(int, total_len, conn_info->max_pkt_payload_len);
-- 
2.7.4


Powered by blists - more mailing lists