brain-hackers_pepepper-mirror
/
linux-brain
mirror of https://github.com/brain-hackers/linux-brain.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux-brain/net/nfc/hci
History
Dan Carpenter 5afc3791c8 net: nfc: fix bounds checking bugs on "pipe" 
[ Upstream commit a3aefbfe45751bf7b338c181b97608e276b5bb73 ]

This is similar to commit 674d9de02a ("NFC: Fix possible memory
corruption when handling SHDLC I-Frame commands") and commit d7ee81ad09
("NFC: nci: Add some bounds checking in nci_hci_cmd_received()") which
added range checks on "pipe".

The "pipe" variable comes skb->data[0] in nfc_hci_msg_rx_work().
It's in the 0-255 range.  We're using it as the array index into the
hdev->pipes[] array which has NFC_HCI_MAX_PIPES (128) members.

Fixes: 118278f20a ("NFC: hci: Add pipes table to reference them with a tuple {gate, host}")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2020-03-18 07:17:41 +01:00
..
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
command.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
core.c net: nfc: fix bounds checking bugs on "pipe" 2020-03-18 07:17:41 +01:00
hci.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
hcp.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 13 2019-05-21 11:28:45 +02:00
llc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 399 2019-06-05 17:37:12 +02:00
llc.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 399 2019-06-05 17:37:12 +02:00
llc_nop.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 399 2019-06-05 17:37:12 +02:00
llc_shdlc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 399 2019-06-05 17:37:12 +02:00