Hi Cong,

On Fri, Jan 29, 2016 at 11:37:40AM -0800, Cong Wang wrote:
> llcp_sock_getname() checks llcp_sock->dev to make sure
> llcp_sock is already connected or bound, however, we could
> be in the middle of llcp_sock_bind() where llcp_sock->dev
> is bound and llcp_sock->service_name_len is set,
> but llcp_sock->service_name is not, in this case we would
> lead to copy some bytes from a NULL pointer.
> 
> Just lock the sock since this is not a hot path anyway.
> 
> Reported-by: Dmitry Vyukov <dvyu...@google.com>
> Cc: Lauro Ramos Venancio <lauro.venan...@openbossa.org>
> Cc: Aloisio Almeida Jr <aloisio.alme...@openbossa.org>
> Cc: Samuel Ortiz <sa...@linux.intel.com>
> Signed-off-by: Cong Wang <xiyou.wangc...@gmail.com>
> ---
>  net/nfc/llcp_sock.c | 6 ++++++
>  1 file changed, 6 insertions(+)

Applied as well, thanks.

Cheers,
Samuel.
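
The window described in the quoted commit message, as an added user-space model that is not part of this thread or of the kernel source: a bind that publishes the length before the name pointer, and a getname that either checks only `dev` or takes the same lock first. All names (`model_sock`, `model_bind`, `model_getname`, `run_model`) are hypothetical, and the pre-fix reader returns -2 at the point where the kernel would copy from NULL.

```c
#include <pthread.h>
#include <sched.h>
#include <stdatomic.h>
#include <string.h>
struct model_sock {              /* constructed stand-in, not the kernel's struct */
    pthread_mutex_t lock;        /* plays the role of the sock lock */
    atomic_int dev;              /* non-zero once bound */
    atomic_size_t name_len;      /* models service_name_len */
    _Atomic(const char *) name;  /* models service_name, NULL until bind ends */
    atomic_int reader_done;
    int reader_locks;            /* 0: pre-fix getname, 1: getname takes the lock */
};

static void *model_bind(void *arg) {
    struct model_sock *s = arg;
    pthread_mutex_lock(&s->lock);
    atomic_store(&s->dev, 1);
    atomic_store(&s->name_len, 3);       /* length is visible first ... */
    while (!s->reader_locks && !atomic_load(&s->reader_done))
        sched_yield();                   /* hold the window open for the unlocked reader */
    atomic_store(&s->name, "svc");       /* ... the pointer only now */
    pthread_mutex_unlock(&s->lock);
    return NULL;
}

/* Returns bytes copied, -1 if unbound, -2 where the kernel would copy from NULL. */
static int model_getname(struct model_sock *s, char *out) {
    int ret = -1;
    if (s->reader_locks) pthread_mutex_lock(&s->lock);
    if (atomic_load(&s->dev)) {
        size_t n = atomic_load(&s->name_len);
        const char *p = atomic_load(&s->name);
        if (p) memcpy(out, p, n);
        ret = (n && !p) ? -2 : (int)n;
    }
    if (s->reader_locks) pthread_mutex_unlock(&s->lock);
    return ret;
}

int run_model(int reader_locks) {
    struct model_sock s = { .lock = PTHREAD_MUTEX_INITIALIZER, .reader_locks = reader_locks };
    char out[8] = {0};
    pthread_t t;
    if (pthread_create(&t, NULL, model_bind, &s)) return -3;
    while (!atomic_load(&s.name_len)) sched_yield();  /* bind is now mid-way */
    int ret = model_getname(&s, out);
    atomic_store(&s.reader_done, 1);
    pthread_join(t, NULL);
    return ret;
}
```

`run_model(0)` reaches the half-initialized state; `run_model(1)` blocks on the lock until bind has finished and copies the full name.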