WSL2-Linux-Kernel/net/nfc/nci
Kees Cook 908b2da426 NFC: nci: Bounds check struct nfc_target arrays
[ Upstream commit e329e71013 ]

While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:

  memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18)

This appears to be a legitimate lack of bounds checking in
nci_add_new_protocol(). Add the missing checks.

Reported-by: syzbot+210e196cef4711b65139@syzkaller.appspotmail.com
Link: https://lore.kernel.org/lkml/0000000000001c590f05ee7b3ff4@google.com
Fixes: 019c4fbaa7 ("NFC: Add NCI multiple targets support")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20221202214410.never.693-kees@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-12-14 11:37:27 +01:00
Kconfig
Makefile
core.c nfc/nci: fix race with opening and closing 2022-12-02 17:41:04 +01:00
data.c NFC: nci: fix memory leak in nci_rx_data_packet() 2022-12-02 17:41:06 +01:00
hci.c NFC: nci: fix sleep in atomic context bugs caused by nci_skb_alloc 2022-05-25 09:57:32 +02:00
lib.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 234 2019-06-19 17:09:07 +02:00
ntf.c NFC: nci: Bounds check struct nfc_target arrays 2022-12-14 11:37:27 +01:00
rsp.c nfc: nci: fix the UAF of rf_conn_info object 2021-10-08 17:24:32 +01:00
spi.c nfc: nci: constify several pointers to u8, sk_buff and other structs 2021-07-30 17:22:52 +02:00
uart.c tty: make tty_ldisc_ops a param in tty_unregister_ldisc 2021-05-13 16:57:16 +02:00