diff options
author | Cong Wang <xiyou.wangcong@gmail.com> | 2016-01-29 11:37:40 -0800 |
---|---|---|
committer | Samuel Ortiz <sameo@linux.intel.com> | 2016-02-25 08:41:01 +0100 |
commit | 03c05355543149bf610f4375e8382ee4fc0aaade (patch) | |
tree | 6173ee32c1628a3973ec9305611895434ad121e7 /drivers/nfc | |
parent | 81ca7835f2cb0c3ba4236e3bcf31d997c6f5d71a (diff) |
NFC: Close a race condition in llcp_sock_getname()
llcp_sock_getname() checks llcp_sock->dev to make sure
llcp_sock is already connected or bound, however, we could
be in the middle of llcp_sock_bind() where llcp_sock->dev
is bound and llcp_sock->service_name_len is set,
but llcp_sock->service_name is not, in this case we would
lead to copy some bytes from a NULL pointer.
Just lock the sock since this is not a hot path anyway.
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Diffstat (limited to 'drivers/nfc')
0 files changed, 0 insertions, 0 deletions