linux/net/nfc
Dan Carpenter a3aefbfe45 net: nfc: fix bounds checking bugs on "pipe"
This is similar to commit 674d9de02a ("NFC: Fix possible memory
corruption when handling SHDLC I-Frame commands") and commit d7ee81ad09
("NFC: nci: Add some bounds checking in nci_hci_cmd_received()") which
added range checks on "pipe".

The "pipe" variable comes from skb->data[0] in nfc_hci_msg_rx_work().
It's in the 0-255 range.  We're using it as the array index into the
hdev->pipes[] array which has NFC_HCI_MAX_PIPES (128) members.

Fixes: 118278f20a ("NFC: hci: Add pipes table to reference them with a tuple {gate, host}")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-03-05 21:32:42 -08:00
hci net: nfc: fix bounds checking bugs on "pipe" 2020-03-05 21:32:42 -08:00
nci net: nfc: nci: fix a possible sleep-in-atomic-context bug in nci_uart_tty_receive() 2019-12-18 11:57:33 -08:00
Kconfig
Makefile
af_nfc.c
core.c
digital.h
digital_core.c
digital_dep.c
digital_technology.c
llcp.h
llcp_commands.c
llcp_core.c
llcp_sock.c net: use skb_queue_empty_lockless() in poll() handlers 2019-10-28 13:33:41 -07:00
netlink.c nfc: add missing attribute validation for vendor subcommand 2020-03-03 13:28:49 -08:00
nfc.h
rawsock.c