From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Date: Wed, 2 Mar 2022 20:25:18 +0100
Subject: nfc: llcp: nullify llcp_sock->dev on connect() error paths
Patch-mainline: v5.18-rc1
Git-commit: 13a3585b264bfeba018941a713b8d7fc9b8221a2
References: bsc#1213601 CVE-2023-3863
Nullify the llcp_sock->dev on llcp_sock_connect() error paths,
symmetrically to the code llcp_sock_bind(). The non-NULL value of
llcp_sock->dev is used in a few places to check whether the socket is
still valid.
There was no particular issue observed with missing NULL assignment in
connect() error path, however a similar case - in the bind() error path
- was triggereable. That one was fixed in commit 4ac06a1e013c ("nfc:
fix NULL ptr dereference in llcp_sock_getname() after failed connect"),
so the change here seems logical as well.
Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
net/nfc/llcp_sock.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -777,6 +777,7 @@ sock_llcp_release:
llcp_sock->local = NULL;
put_dev:
+ llcp_sock->dev = NULL;
nfc_put_device(dev);
error: