From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 6 Oct 2019 16:56:53 +0000 (+0200)
Subject: 4.9-stable patches
X-Git-Tag: v4.9.196~5
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a0a85bd906866293ed13bede0cb2776a640e5d42;p=thirdparty%2Fkernel%2Fstable-queue.git

4.9-stable patches

added patches:
	nfc-fix-attrs-checks-in-netlink-interface.patch
---

diff --git a/queue-4.9/nfc-fix-attrs-checks-in-netlink-interface.patch b/queue-4.9/nfc-fix-attrs-checks-in-netlink-interface.patch
new file mode 100644
index 00000000000..8d95249bbf5
--- /dev/null
+++ b/queue-4.9/nfc-fix-attrs-checks-in-netlink-interface.patch
@@ -0,0 +1,49 @@
+From 18917d51472fe3b126a3a8f756c6b18085eb8130 Mon Sep 17 00:00:00 2001
+From: Andrey Konovalov <andreyknvl@google.com>
+Date: Mon, 29 Jul 2019 16:35:01 +0300
+Subject: NFC: fix attrs checks in netlink interface
+
+From: Andrey Konovalov <andreyknvl@google.com>
+
+commit 18917d51472fe3b126a3a8f756c6b18085eb8130 upstream.
+
+nfc_genl_deactivate_target() relies on the NFC_ATTR_TARGET_INDEX
+attribute being present, but doesn't check whether it is actually
+provided by the user. Same goes for nfc_genl_fw_download() and
+NFC_ATTR_FIRMWARE_NAME.
+
+This patch adds appropriate checks.
+
+Found with syzkaller.
+
+Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
+Signed-off-by: Andy Shevchenko <andriy.shevchenko@linux.intel.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ net/nfc/netlink.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/net/nfc/netlink.c
++++ b/net/nfc/netlink.c
+@@ -973,7 +973,8 @@ static int nfc_genl_dep_link_down(struct
+ 	int rc;
+ 	u32 idx;
+ 
+-	if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
++	if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
++	    !info->attrs[NFC_ATTR_TARGET_INDEX])
+ 		return -EINVAL;
+ 
+ 	idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
+@@ -1022,7 +1023,8 @@ static int nfc_genl_llc_get_params(struc
+ 	struct sk_buff *msg = NULL;
+ 	u32 idx;
+ 
+-	if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
++	if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
++	    !info->attrs[NFC_ATTR_FIRMWARE_NAME])
+ 		return -EINVAL;
+ 
+ 	idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
diff --git a/queue-4.9/series b/queue-4.9/series
index 94451c47fb7..f839f3fc057 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -44,3 +44,4 @@ sch_cbq-validate-tca_cbq_wrropt-to-avoid-crash.patch
 ipv6-handle-missing-host-route-in-__ipv6_ifa_notify.patch
 smack-don-t-ignore-other-bprm-unsafe-flags-if-lsm_unsafe_ptrace-is-set.patch
 smack-use-gfp_nofs-while-holding-inode_smack-smk_lock.patch
+nfc-fix-attrs-checks-in-netlink-interface.patch