Message ID | 727e1ff5df5e8d36e19b25155b1555ed3fd0cdfe.1701627492.git.code@siddh.me (mailing list archive) |
---|---|
State | Superseded |
Delegated to: | Netdev Maintainers |
Series | nfc: Fix UAF during datagram sending caused by missing refcounting |
>As we know we cannot send the datagram (state can be set to LLCP_CLOSED
>by nfc_llcp_socket_release()), there is no need to proceed further.
>
>Thus, bail out early from llcp_sock_sendmsg().
>
>Signed-off-by: Siddh Raman Pant <code@siddh.me>
>Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
>---

Reviewed-by: Suman Ghosh <sumang@marvell.com>

> net/nfc/llcp_sock.c | 5 +++++
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 645677f84dba..819157bbb5a2 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -796,6 +796,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name);
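Review bot: In the SOCK_DGRAM branch of llcp_sock_sendmsg(), the new sk_state check sits ahead of DECLARE_SOCKADDR(...), which declares addr, so the block now has a declaration after a statement; consider moving the check below the DECLARE_SOCKADDR line so declarations stay at the top of the block. The commit message names LLCP_CLOSED as the state to guard against, while the test is sk->sk_state != LLCP_BOUND; a short comment above the check, or a sentence in the message, saying that every non-bound state is rejected with -ENOTCONN would make the intent explicit. The early return calls release_sock(sk), so the check is made with the socket lock held; it would help to state in the message whether nfc_llcp_socket_release() changes sk_state under that same lock, since otherwise the state could still change after the check passes.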