WSL2-Linux-Kernel/drivers/nfc
Edward Adam Davis f07bcd8bba nfc/nci: Add the inconsistency check between the input data length and count
[ Upstream commit 068648aab72c9ba7b0597354ef4d81ffaac7b979 ]

write$nci(r0, &(0x7f0000000740)=ANY=[@ANYBLOB="610501"], 0xf)

Syzbot constructed a write() call with a data length of 3 bytes but a count value
of 15, which passed too little data to meet the basic requirements of the function
nci_rf_intf_activated_ntf_packet().

Therefore, increasing the comparison between data length and count value to avoid
problems caused by inconsistent data length and count.

Reported-and-tested-by: syzbot+71bfed2b2bcea46c98f2@syzkaller.appspotmail.com
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-07-18 13:07:36 +02:00
..
fdp nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties 2023-03-17 08:48:53 +01:00
microread
nfcmrvl nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() 2022-11-10 18:15:28 +01:00
nxp-nci nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() 2022-11-10 18:15:27 +01:00
pn533 nfc: pn533: initialize struct pn533_out_arg properly 2023-03-22 13:31:24 +01:00
pn544
s3fwrn5 nfc: s3fwrn5: Fix potential memory leak in s3fwrn5_nci_send() 2022-11-10 18:15:27 +01:00
st-nci nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition 2023-03-22 13:31:26 +01:00
st21nfca nfc: fix memory leak of se_io context in nfc_genl_se_io 2023-03-11 13:57:29 +01:00
st95hf
Kconfig
Makefile
mei_phy.c
mei_phy.h
nfcsim.c nfcsim.c: Fix error checking for debugfs_create_dir 2023-06-28 10:29:51 +02:00
port100.c NFC: port100: fix use-after-free in port100_send_complete 2022-03-16 14:23:39 +01:00
trf7970a.c NFC: trf7970a: disable all regulators on removal 2024-05-02 16:24:45 +02:00
virtual_ncidev.c nfc/nci: Add the inconsistency check between the input data length and count 2024-07-18 13:07:36 +02:00