From: Aditya Pakki pakki001@umn.edu
mainline inclusion from mainline-v5.1-rc3 commit d7737d4257459ca8921ff911c88937be1a11ea9d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I7NLJR CVE: CVE-2023-3863
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i...
---------------------------
In case of kmemdup failure while setting the service name the patch returns -ENOMEM upstream for processing.
Signed-off-by: Aditya Pakki pakki001@umn.edu
Signed-off-by: David S. Miller davem@davemloft.net
Conflicts: net/nfc/llcp_sock.c
Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com
---
 net/nfc/llcp_sock.c | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index 23f7116d122a..2162644a37e9 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -743,6 +743,10 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
 llcp_sock->service_name = kmemdup(addr->service_name, llcp_sock->service_name_len, GFP_KERNEL);
+ if (!llcp_sock->service_name) {
+ ret = -ENOMEM;
+ goto sock_llcp_release;
+ }
nfc_llcp_sock_link(&local->connecting_sockets, sk);
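Review bot: The new `-ENOMEM` branch leaves `llcp_sock->service_name_len` non-zero while `llcp_sock->service_name` is NULL, and nothing on the way to `sock_llcp_release` clears it. The length is passed to `kmemdup()` here, so it was presumably assigned just above. Any code that later reads the two fields together on this socket would see a NULL pointer with a positive length; no such reader is visible in this hunk, so this needs confirming against the rest of the file. Adding `llcp_sock->service_name_len = 0;` before `goto sock_llcp_release;` keeps the pair consistent, and the `kfree()` / `= NULL` pair under `sock_unlink` in the next hunk has the same gap. llcp_sock_connect starts and ends outside the hunk.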
@@ -762,14 +766,15 @@ static int llcp_sock_connect(struct socket *sock, struct sockaddr *_addr,
 return ret;
sock_unlink:
- nfc_llcp_put_ssap(local, llcp_sock->ssap);
- nfc_llcp_local_put(llcp_sock->local);
- llcp_sock->local = NULL;
-
 nfc_llcp_sock_unlink(&local->connecting_sockets, sk);
 kfree(llcp_sock->service_name);
 llcp_sock->service_name = NULL;
+sock_llcp_release:
+ nfc_llcp_put_ssap(local, llcp_sock->ssap);
+ nfc_llcp_local_put(llcp_sock->local);
+ llcp_sock->local = NULL;
+
 put_dev:
 nfc_put_device(dev);
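Review bot: The order of this label chain now matters for lifetime safety, but nothing in the code or the commit description says so. `sock_unlink` must run `nfc_llcp_sock_unlink(&local->connecting_sockets, sk)` before falling through to `sock_llcp_release`, since `nfc_llcp_local_put()` may release the reference that keeps `local` valid. A comment above the new label would protect that ordering from later edits, e.g. `/* Reached by fall-through from sock_unlink: drop the ssap and the local reference only after the socket is off local's list. */`. The two calls also mix `local` and `llcp_sock->local` for what appears to be the same object; using one spelling would make that obvious. The function body continues outside the hunk.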