nfc: llcp: nullify llcp_sock->dev on connect() error paths
mainline inclusion from mainline-v5.18-rc1 commit 13a3585b category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7NLJR CVE: CVE-2023-3863 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=13a3585b264bfeba018941a713b8d7fc9b8221a2 --------------------------- Nullify the llcp_sock->dev on llcp_sock_connect() error paths, symmetrically to the code llcp_sock_bind(). The non-NULL value of llcp_sock->dev is used in a few places to check whether the socket is still valid. There was no particular issue observed with missing NULL assignment in connect() error path, however a similar case - in the bind() error path - was triggereable. That one was fixed in commit 4ac06a1e ("nfc: fix NULL ptr dereference in llcp_sock_getname() after failed connect"), so the change here seems logical as well. Signed-off-by:Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com> Signed-off-by:
Loading
Please sign in to comment