Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-11 06:31:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
9f28157778
linux/drivers/nfc
History
Minsuk Kang 9f28157778 nfc: pn533: Clear nfc_target before being used 
Fix a slab-out-of-bounds read that occurs in nla_put() called from
nfc_genl_send_target() when target->sensb_res_len, which is duplicated
from an nfc_target in pn533, is too large as the nfc_target is not
properly initialized and retains garbage values. Clear nfc_targets with
memset() before they are used.

Found by a modified version of syzkaller.

BUG: KASAN: slab-out-of-bounds in nla_put
Call Trace:
 memcpy
 nla_put
 nfc_genl_dump_targets
 genl_lock_dumpit
 netlink_dump
 __netlink_dump_start
 genl_family_rcv_msg_dumpit
 genl_rcv_msg
 netlink_rcv_skb
 genl_rcv
 netlink_unicast
 netlink_sendmsg
 sock_sendmsg
 ____sys_sendmsg
 ___sys_sendmsg
 __sys_sendmsg
 do_syscall_64

Fixes: 673088fb42 ("NFC: pn533: Send ATR_REQ directly for active device detection")
Fixes: 361f3cb7f9 ("NFC: DEP link hook implementation for pn533")
Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20221214015139.119673-1-linuxlovemin@yonsei.ac.kr
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-12-14 20:51:29 -08:00
..
fdp nfc: fdp: Fix potential memory leak in fdp_nci_send() 2022-10-30 21:43:26 +00:00
microread nfc: microread: Convert to i2c's .probe_new() 2022-11-23 12:50:06 -08:00
nfcmrvl Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
nxp-nci Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
pn533 nfc: pn533: Clear nfc_target before being used 2022-12-14 20:51:29 -08:00
pn544 nfc: pn544: Convert to i2c's .probe_new() 2022-11-23 12:50:07 -08:00
s3fwrn5 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
st21nfca nfc: st21nfca: i2c: Convert to i2c's .probe_new() 2022-11-23 12:50:08 -08:00
st95hf spi: make remove callback a void function 2022-02-09 13:00:45 +00:00
st-nci Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-11-29 13:04:52 -08:00
Kconfig nfc: Add a virtual nci device driver 2021-01-29 18:03:33 -08:00
Makefile nfc: Add a virtual nci device driver 2021-01-29 18:03:33 -08:00
mei_phy.c nfc: mei_phy: constify buffer passed to mei_nfc_send() 2021-07-29 12:28:02 +01:00
mei_phy.h nfc: constify nfc_phy_ops 2021-07-25 09:21:21 +01:00
nfcsim.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2021-07-31 09:14:46 -07:00
port100.c NFC: port100: fix use-after-free in port100_send_complete 2022-03-09 19:59:34 -08:00
trf7970a.c spi: make remove callback a void function 2022-02-09 13:00:45 +00:00
virtual_ncidev.c NFC: nci: Allow to create multiple virtual nci devices 2022-11-17 13:48:01 +01:00