nfc: Ensure presence of required attributes in the deactivate_target handler (CVE-2019-12984)
This commit is contained in:
parent
fbe4322901
commit
091f76e86d
|
@ -14,6 +14,8 @@ linux (4.19.37-6) UNRELEASED; urgency=medium
|
|||
[ Romain Perier ]
|
||||
* [x86] x86/insn-eval: Fix use-after-free access to LDT entry (CVE-2019-13233)
|
||||
* [powerpc*] mm/64s/hash: Reallocate context ids on fork (CVE-2019-12817)
|
||||
* nfc: Ensure presence of required attributes in the deactivate_target handler
|
||||
(CVE-2019-12984)
|
||||
|
||||
-- Salvatore Bonaccorso <carnil@debian.org> Sun, 23 Jun 2019 16:15:17 +0200
|
||||
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
From 385097a3675749cbc9e97c085c0e5dfe4269ca51 Mon Sep 17 00:00:00 2001
|
||||
From: Young Xiao <92siuyang@gmail.com>
|
||||
Date: Fri, 14 Jun 2019 15:13:02 +0800
|
||||
Subject: nfc: Ensure presence of required attributes in the deactivate_target
|
||||
handler
|
||||
Origin: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=385097a3675749cbc9e97c085c0e5dfe4269ca51
|
||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2019-12984
|
||||
|
||||
Check that the NFC_ATTR_TARGET_INDEX attributes (in addition to
|
||||
NFC_ATTR_DEVICE_INDEX) are provided by the netlink client prior to
|
||||
accessing them. This prevents potential unhandled NULL pointer dereference
|
||||
exceptions which can be triggered by malicious user-mode programs,
|
||||
if they omit one or both of these attributes.
|
||||
|
||||
Signed-off-by: Young Xiao <92siuyang@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/nfc/netlink.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c
|
||||
index 1180b3e58a0a..ea64c90b14e8 100644
|
||||
--- a/net/nfc/netlink.c
|
||||
+++ b/net/nfc/netlink.c
|
||||
@@ -911,7 +911,8 @@ static int nfc_genl_deactivate_target(struct sk_buff *skb,
|
||||
u32 device_idx, target_idx;
|
||||
int rc;
|
||||
|
||||
- if (!info->attrs[NFC_ATTR_DEVICE_INDEX])
|
||||
+ if (!info->attrs[NFC_ATTR_DEVICE_INDEX] ||
|
||||
+ !info->attrs[NFC_ATTR_TARGET_INDEX])
|
||||
return -EINVAL;
|
||||
|
||||
device_idx = nla_get_u32(info->attrs[NFC_ATTR_DEVICE_INDEX]);
|
||||
--
|
||||
cgit 1.2-0.3.lf.el7
|
||||
|
|
@ -232,6 +232,7 @@ bugfix/all/tcp-refine-memory-limit-test-in-tcp_fragment.patch
|
|||
bugfix/all/ptrace-Fix-ptracer_cred-handling-for-PTRACE_TRACEME.patch
|
||||
bugfix/x86/x86-insn-eval-Fix-use-after-free-access-to-LDT-entry.patch
|
||||
bugfix/powerpc/powerpc-mm-64s-hash-Reallocate-context-ids-on-fork.patch
|
||||
bugfix/all/nfc-Ensure-presence-of-required-attributes-in-the-deactivate_target.patch
|
||||
|
||||
# Fix exported symbol versions
|
||||
bugfix/all/module-disable-matching-missing-version-crc.patch
|
||||
|
|
Loading…
Reference in New Issue