| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20210423040214.15438-3-dan@dlrobertson.com>
Date: Fri, 23 Apr 2021 00:02:14 -0400
From: Dan Robertson <dan@...obertson.com>
To: Alexander Aring <alex.aring@...il.com>,
Stefan Schmidt <stefan@...enfreihafen.org>,
"David S . Miller" <davem@...emloft.net>,
linux-wpan@...r.kernel.org, netdev@...r.kernel.org
Cc: Dan Robertson <dan@...obertson.com>
Subject: [PATCH 2/2] net: ieee802154: fix null deref in parse key id
Fix a logic error that could result in a null deref if the user does not
set the PAN ID but does set the address.
Signed-off-by: Dan Robertson <dan@...obertson.com>
---
net/ieee802154/nl-mac.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ieee802154/nl-mac.c b/net/ieee802154/nl-mac.c
index 9c640d670ffe..66983c5d4d85 100644
--- a/net/ieee802154/nl-mac.c
+++ b/net/ieee802154/nl-mac.c
@@ -551,7 +551,7 @@ ieee802154_llsec_parse_key_id(struct genl_info *info,
desc->mode = nla_get_u8(info->attrs[IEEE802154_ATTR_LLSEC_KEY_MODE]);
if (desc->mode == IEEE802154_SCF_KEY_IMPLICIT) {
- if (!info->attrs[IEEE802154_ATTR_PAN_ID] &&
+ if (!info->attrs[IEEE802154_ATTR_PAN_ID] ||
!(info->attrs[IEEE802154_ATTR_SHORT_ADDR] ||
info->attrs[IEEE802154_ATTR_HW_ADDR]))
return -EINVAL;
--
2.31.1
Powered by blists - more mailing lists