Commit 902416bf authored by Krzysztof Kozlowski's avatar Krzysztof Kozlowski Committed by Ziyang Xuan
Browse files

nfc: nci: fix possible NULL pointer dereference in send_acknowledge() 

stable inclusion
from stable-v4.19.297
commit 5622592f8f74ae3e594379af02e64ea84772d0dd
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I8YCSH
CVE: CVE-2023-46343

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=5622592f8f74ae3e594379af02e64ea84772d0dd



--------------------------------

commit 7937609c upstream.

Handle memory allocation failure from nci_skb_alloc() (calling
alloc_skb()) to avoid possible NULL pointer dereference.

Reported-by: default avatar黄思聪 <huangsicong@iie.ac.cn>
Fixes: 391d8a2d ("NFC: Add NCI over SPI receive")
Cc: <stable@vger.kernel.org>
Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Reviewed-by: default avatarSimon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20231013184129.18738-1-krzysztof.kozlowski@linaro.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarZiyang Xuan <william.xuanziyang@huawei.com>
parent 992b5fc1

net/nfc/nci/spi.c

+2 −0
Original line number Diff line number Diff line
@@ -163,6 +163,8 @@ static int send_acknowledge(struct nci_spi *nspi, u8 acknowledge) 
	int ret;



	skb = nci_skb_alloc(nspi->ndev, 0, GFP_KERNEL);

	if (!skb)

		return -ENOMEM;



	/* add the NCI SPI header to the start of the buffer */

	hdr = skb_push(skb, NCI_SPI_HDR_LEN);