linux-stable/net/nfc/hci
Dan Carpenter ac07a9a4de net: nfc: fix bounds checking bugs on "pipe"
[ Upstream commit a3aefbfe45 ]

This is similar to commit 674d9de02a ("NFC: Fix possible memory
corruption when handling SHDLC I-Frame commands") and commit d7ee81ad09
("NFC: nci: Add some bounds checking in nci_hci_cmd_received()") which
added range checks on "pipe".

The "pipe" variable comes from skb->data[0] in nfc_hci_msg_rx_work().
It's in the 0-255 range.  We're using it as the array index into the
hdev->pipes[] array which has NFC_HCI_MAX_PIPES (128) members.

Fixes: 118278f20a ("NFC: hci: Add pipes table to reference them with a tuple {gate, host}")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-03-20 10:54:08 +01:00
Kconfig NFC: Select CRC_CCITT for SHDLC link layer of HCI based drivers 2012-05-15 17:27:28 -04:00
Makefile NFC: Changed HCI and PN544 HCI driver to use the new HCI LLC Core 2012-09-25 00:17:26 +02:00
command.c NFC: hci: Change nfc_hci_send_response gate parameter to pipe 2015-01-27 23:55:20 +01:00
core.c net: nfc: fix bounds checking bugs on "pipe" 2020-03-20 10:54:08 +01:00
hci.h NFC: hci: Remove nfc_hci_pipe2gate function 2015-01-28 00:03:36 +01:00
hcp.c NFC: hci: Remove nfc_hci_pipe2gate function 2015-01-28 00:03:36 +01:00
llc.c NFC: hci: delete unused nfc_llc_get_rx_head_tail_room() 2016-07-04 12:14:05 +02:00
llc.h nfc: Fix FSF address in file headers 2013-12-11 10:56:21 -05:00
llc_nop.c nfc: Fix FSF address in file headers 2013-12-11 10:56:21 -05:00
llc_shdlc.c networking: add and use skb_put_u8() 2017-06-16 11:48:40 -04:00