diff mbox series

[net] ieee802154: Prevent user from crashing the host

Message ID 20230301154450.547716-1-miquel.raynal@bootlin.com (mailing list archive)
State Accepted
Headers show
Series [net] ieee802154: Prevent user from crashing the host | expand

Commit Message

Miquel Raynal March 1, 2023, 3:44 p.m. UTC
Avoid crashing the machine by checking
info->attrs[NL802154_ATTR_SCAN_TYPE] presence before de-referencing it,
which was the primary intend of the blamed patch.

Reported-by: Sanan Hasanov <sanan.hasanov@Knights.ucf.edu>
Suggested-by: Eric Dumazet <edumazet@google.com>
Fixes: a0b6106672b5 ("ieee802154: Convert scan error messages to extack")
Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
---
 net/ieee802154/nl802154.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Miquel Raynal March 2, 2023, 8:48 a.m. UTC | #1
Hello,

miquel.raynal@bootlin.com wrote on Wed,  1 Mar 2023 16:44:50 +0100:

> Avoid crashing the machine by checking
> info->attrs[NL802154_ATTR_SCAN_TYPE] presence before de-referencing it,
> which was the primary intend of the blamed patch.

Subject should have been wpan instead of net, sorry for the confusion.

> Reported-by: Sanan Hasanov <sanan.hasanov@Knights.ucf.edu>
> Suggested-by: Eric Dumazet <edumazet@google.com>
> Fixes: a0b6106672b5 ("ieee802154: Convert scan error messages to extack")
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
>  net/ieee802154/nl802154.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 88380606af2c..a18fb98a4b09 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1412,7 +1412,7 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info)
>  		return -EOPNOTSUPP;
>  	}
>  
> -	if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) {
> +	if (!info->attrs[NL802154_ATTR_SCAN_TYPE]) {
>  		NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type");
>  		return -EINVAL;
>  	}


Thanks,
Miquèl
Paolo Abeni March 2, 2023, 10:20 a.m. UTC | #2
Hello,

On Thu, 2023-03-02 at 09:48 +0100, Miquel Raynal wrote:
> miquel.raynal@bootlin.com wrote on Wed,  1 Mar 2023 16:44:50 +0100:
> 
> > Avoid crashing the machine by checking
> > info->attrs[NL802154_ATTR_SCAN_TYPE] presence before de-referencing it,
> > which was the primary intend of the blamed patch.
> 
> Subject should have been wpan instead of net, sorry for the confusion.

I read the above as you intend this patch to go through
Alexander/Stefan tree, thus dropping from netdev PW.

LMK if you prefer otherwise, thanks!

Paolo
Stefan Schmidt March 2, 2023, 1:45 p.m. UTC | #3
Hello.

On 01.03.23 16:44, Miquel Raynal wrote:
> Avoid crashing the machine by checking
> info->attrs[NL802154_ATTR_SCAN_TYPE] presence before de-referencing it,
> which was the primary intend of the blamed patch.
> 
> Reported-by: Sanan Hasanov <sanan.hasanov@Knights.ucf.edu>
> Suggested-by: Eric Dumazet <edumazet@google.com>
> Fixes: a0b6106672b5 ("ieee802154: Convert scan error messages to extack")
> Signed-off-by: Miquel Raynal <miquel.raynal@bootlin.com>
> ---
>   net/ieee802154/nl802154.c | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
> index 88380606af2c..a18fb98a4b09 100644
> --- a/net/ieee802154/nl802154.c
> +++ b/net/ieee802154/nl802154.c
> @@ -1412,7 +1412,7 @@ static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info)
>   		return -EOPNOTSUPP;
>   	}
>   
> -	if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) {
> +	if (!info->attrs[NL802154_ATTR_SCAN_TYPE]) {
>   		NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type");
>   		return -EINVAL;
>   	}

This patch has been applied to the wpan tree and will be
part of the next pull request to net. Thanks!

regards
Stefan Schmidt
Stefan Schmidt March 2, 2023, 1:47 p.m. UTC | #4
Hello Paolo.

On 02.03.23 11:20, Paolo Abeni wrote:
> Hello,
> 
> On Thu, 2023-03-02 at 09:48 +0100, Miquel Raynal wrote:
>> miquel.raynal@bootlin.com wrote on Wed,  1 Mar 2023 16:44:50 +0100:
>>
>>> Avoid crashing the machine by checking
>>> info->attrs[NL802154_ATTR_SCAN_TYPE] presence before de-referencing it,
>>> which was the primary intend of the blamed patch.
>>
>> Subject should have been wpan instead of net, sorry for the confusion.
> 
> I read the above as you intend this patch to go through
> Alexander/Stefan tree, thus dropping from netdev PW.

That is correct. I just applied it and will send a pull request for net 
later today once it passed all my tests here.

regards
Stefan Schmidt
diff mbox series

Patch

diff --git a/net/ieee802154/nl802154.c b/net/ieee802154/nl802154.c
index 88380606af2c..a18fb98a4b09 100644
--- a/net/ieee802154/nl802154.c
+++ b/net/ieee802154/nl802154.c
@@ -1412,7 +1412,7 @@  static int nl802154_trigger_scan(struct sk_buff *skb, struct genl_info *info)
 		return -EOPNOTSUPP;
 	}
 
-	if (!nla_get_u8(info->attrs[NL802154_ATTR_SCAN_TYPE])) {
+	if (!info->attrs[NL802154_ATTR_SCAN_TYPE]) {
 		NL_SET_ERR_MSG(info->extack, "Malformed request, missing scan type");
 		return -EINVAL;
 	}