[PATCH OLK-5.10] nfc: nci: fix possible NULL pointer dereference in send_acknowledge() - Kernel

27 Jan 2024

From: Krzysztof Kozlowski krzysztof.kozlowski@linaro.org
stable inclusion
from stable-v5.10.199
commit c95fa5b20fe03609e0894656fa43c18045b5097e
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I8YCSH
CVE: CVE-2023-46343
Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=...
--------------------------------
commit 7937609cd387246aed994e81aa4fa951358fba41 upstream.
Handle memory allocation failure from nci_skb_alloc() (calling
alloc_skb()) to avoid possible NULL pointer dereference.
Reported-by: 黄思聪 huangsicong@iie.ac.cn
Fixes: 391d8a2da787 ("NFC: Add NCI over SPI receive")
Cc: stable@vger.kernel.org
Signed-off-by: Krzysztof Kozlowski krzysztof.kozlowski@linaro.org
Reviewed-by: Simon Horman horms@kernel.org
Link: https://lore.kernel.org/r/20231013184129.18738-1-krzysztof.kozlowski@linaro....
Signed-off-by: Jakub Kicinski kuba@kernel.org
Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com
---
 net/nfc/nci/spi.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/nfc/nci/spi.c b/net/nfc/nci/spi.c
index 7d8e10e27c20..0651640d6868 100644
--- a/net/nfc/nci/spi.c
+++ b/net/nfc/nci/spi.c
@@ -151,6 +151,8 @@ static int send_acknowledge(struct nci_spi *nspi, u8 acknowledge)
    int ret;
skb = nci_skb_alloc(nspi->ndev, 0, GFP_KERNEL);
+	if (!skb)
+		return -ENOMEM;
/* add the NCI SPI header to the start of the buffer */
    hdr = skb_push(skb, NCI_SPI_HDR_LEN);
-- 
2.25.1


    