Commit 66b89988 authored by Lin Ma's avatar Lin Ma Committed by Zheng Zengkai
Browse files

nfc: nci: fix the UAF of rf_conn_info object 

stable inclusion
from stable-5.10.76
commit 77c0ef979e32b8bc22f36a013bab77cd37e31530
bugzilla: 182988 https://gitee.com/openeuler/kernel/issues/I4IAHF

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=77c0ef979e32b8bc22f36a013bab77cd37e31530



--------------------------------

commit 1b1499a8 upstream.

The nci_core_conn_close_rsp_packet() function will release the conn_info
with given conn_id. However, it needs to set the rf_conn_info to NULL to
prevent other routines like nci_rf_intf_activated_ntf_packet() to trigger
the UAF.

Reviewed-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: default avatarLin Ma <linma@zju.edu.cn>
Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Acked-by: default avatarWeilong Chen <chenweilong@huawei.com>

Signed-off-by: default avatarChen Jun <chenjun102@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 33b42e98
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment