31c07dffaf
Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF.
Getting a reference on the socket found in a lookup while
holding a lock should happen before releasing the lock.
nfc_llcp_sock_get_sn() has a similar problem.
Finally nfc_llcp_recv_snl() needs to make sure the socket
found by nfc_llcp_sock_from_sn() does not disappear.
Fixes:

| |
|---|
| .. |
| hci |
| nci |
| Kconfig |
| Makefile |
| af_nfc.c |
| core.c |
| digital.h |
| digital_core.c |
| digital_dep.c |
| digital_technology.c |
| llcp.h |
| llcp_commands.c |
| llcp_core.c |
| llcp_sock.c |
| netlink.c |
| nfc.h |
| rawsock.c |