Re: [syzbot] [PATCH] Test for aea6bf908d73
From: syzbot
Date: Fri Nov 10 2023 - 13:12:42 EST
For archival purposes, forwarding an incoming command email to
linux-kernel@xxxxxxxxxxxxxxx.
***
Subject: [PATCH] Test for aea6bf908d73
Author: eadavis@xxxxxx
please test uaf in nfc_alloc_send_skb
#syz test https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git aea6bf908d73
diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
index e2680a3bef79..05b21ced9e1f 100644
--- a/net/nfc/llcp_commands.c
+++ b/net/nfc/llcp_commands.c
@@ -754,6 +754,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
remaining_len = len;
msg_ptr = msg_data;
+ bh_lock_sock(sock);
do {
remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
local->remote_miu : sock->remote_miu;
@@ -784,6 +785,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
remaining_len -= frag_len;
msg_ptr += frag_len;
} while (remaining_len > 0);
+ bh_unlock_sock(sock);
kfree(msg_data);
--
2.25.1