NFC: Fix possible NULL ptr deref when getting the name of a socket

[~andy/linux] / net / nfc / llcp / sock.c

diff --git a/net/nfc/llcp/sock.c b/net/nfc/llcp/sock.c
index 99196d3b84ebb3bc115edc9603d2eac4094f7792..17a707db40eb9865000cd073d3661fef1d1ced13 100644 (file)
--- a/net/nfc/llcp/sock.c
+++ b/net/nfc/llcp/sock.c
@@ -292,6 +292,9 @@ static int llcp_sock_getname(struct socket *sock, struct sockaddr *addr,
 
        pr_debug("%p\n", sk);
 
+       if (llcp_sock == NULL)
+               return -EBADFD;
+
        addr->sa_family = AF_NFC;
        *len = sizeof(struct sockaddr_nfc_llcp);
 
@@ -340,11 +343,24 @@ static unsigned int llcp_sock_poll(struct file *file, struct socket *sock,
                mask |= POLLERR;
 
        if (!skb_queue_empty(&sk->sk_receive_queue))
-               mask |= POLLIN;
+               mask |= POLLIN | POLLRDNORM;
 
        if (sk->sk_state == LLCP_CLOSED)
                mask |= POLLHUP;
 
+       if (sk->sk_shutdown & RCV_SHUTDOWN)
+               mask |= POLLRDHUP | POLLIN | POLLRDNORM;
+
+       if (sk->sk_shutdown == SHUTDOWN_MASK)
+               mask |= POLLHUP;
+
+       if (sock_writeable(sk))
+               mask |= POLLOUT | POLLWRNORM | POLLWRBAND;
+       else
+               set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
+
+       pr_debug("mask 0x%x\n", mask);
+
        return mask;
 }