From: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Date: Wed, 2 Mar 2022 20:25:18 +0100
Subject: nfc: llcp: nullify llcp_sock->dev on connect() error paths
Patch-mainline: v5.18-rc1
Git-commit: 13a3585b264bfeba018941a713b8d7fc9b8221a2
References: bsc#1213601 CVE-2023-3863

Nullify the llcp_sock->dev on llcp_sock_connect() error paths,
symmetrically to the code llcp_sock_bind().  The non-NULL value of
llcp_sock->dev is used in a few places to check whether the socket is
still valid.

There was no particular issue observed with missing NULL assignment in
connect() error path, however a similar case - in the bind() error path
- was triggerable.  That one was fixed in commit 4ac06a1e013c ("nfc:
fix NULL ptr dereference in llcp_sock_getname() after failed connect"),
so the change here seems logical as well.

Signed-off-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Acked-by: Lee, Chun-Yi <jlee@suse.com>
---
 net/nfc/llcp_sock.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -777,6 +777,7 @@ sock_llcp_release:
 	llcp_sock->local = NULL;
 
 put_dev:
+	llcp_sock->dev = NULL;
 	nfc_put_device(dev);
 
 error:
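
Review bot: The reset under put_dev: only covers exits that reach that label directly or fall through from sock_llcp_release:, so a failure that jumps straight to error: after llcp_sock->dev has been assigned would still leave the stale pointer behind. The visible context does not show where the field is assigned, so it is worth confirming that every failure after that assignment goes through put_dev:. Clearing the field before nfc_put_device(dev) is the right order, because the socket stops advertising the device before its reference is dropped. Since the commit message says a non-NULL llcp_sock->dev is used elsewhere as a validity check, a one-line comment at the new assignment stating that would make the pairing with llcp_sock->local = NULL above it self-explanatory.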