Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-15 08:31:55 +00:00
Code Issues Packages Projects Releases Wiki Activity
A mirror of the official Linux kernel repository just in case
1,102,836 Commits 7 Branches 861 Tags 6.6 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
f2e19b3659
Go to file
Martin Faltesek f2e19b3659 nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION 
The transaction buffer is allocated by using the size of the packet buf,
and subtracting two which seem intended to remove the two tags which are
not present in the target structure. This calculation leads to under
counting memory because of differences between the packet contents and the
target structure. The aid_len field is a u8 in the packet, but a u32 in
the structure, resulting in at least 3 bytes always being under counted.
Further, the aid data is a variable length field in the packet, but fixed
in the structure, so if this field is less than the max, the difference is
added to the under counting.

The last validation check for transaction->params_len is also incorrect
since it employs the same accounting error.

To fix, perform validation checks progressively to safely reach the
next field, to determine the size of both buffers and verify both tags.
Once all validation checks pass, allocate the buffer and copy the data.
This eliminates freeing memory on the error path, as those checks are
moved ahead of memory allocation.

Fixes: 26fc6c7f02 ("NFC: st21nfca: Add HCI transaction event support")
Fixes: 4fbcc1a4cb ("nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION")
Cc: stable@vger.kernel.org
Signed-off-by: Martin Faltesek <mfaltesek@google.com>
Reviewed-by: Guenter Roeck <groeck@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-06-08 10:17:17 -07:00
arch Livepatching changes for 5.19 2022-06-02 08:55:01 -07:00
block Page cache changes for 5.19 2022-05-24 19:55:07 -07:00
certs Kbuild updates for v5.19 2022-05-26 12:09:50 -07:00
crypto This update includes the following changes: 2022-05-27 18:06:49 -07:00
Documentation Networking fixes for 5.19-rc1, including fixes from bpf, and netfilter. 2022-06-02 12:50:16 -07:00
drivers nfc: st21nfca: fix incorrect sizing calculations in EVT_TRANSACTION 2022-06-08 10:17:17 -07:00
fs A big pile of assorted fixes and improvements for the filesystem with 2022-06-02 08:59:39 -07:00
include Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2022-06-07 17:49:48 -07:00
init RISC-V Patches for the 5.19 Merge Window, Part 1 2022-05-31 14:10:54 -07:00
ipc ipc/mqueue: use get_tree_nodev() in mqueue_get_tree() 2022-05-09 18:29:21 -07:00
kernel Networking fixes for 5.19-rc1, including fixes from bpf, and netfilter. 2022-06-02 12:50:16 -07:00
lib assoc_array: Fix BUG_ON during garbage collect 2022-06-01 18:29:06 -07:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm RISC-V Patches for the 5.19 Merge Window, Part 1 2022-05-31 14:10:54 -07:00
net net: ipv6: unexport __init-annotated seg6_hmac_init() 2022-06-08 10:10:14 -07:00
samples drm for 5.19-rc1 2022-05-25 16:18:27 -07:00
scripts Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
security linux-kselftest-kunit-5.19-rc1 2022-05-25 11:32:53 -07:00
sound m68knommu: changes for linux 5.19 2022-05-30 10:56:18 -07:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf 2022-06-07 17:49:48 -07:00
usr Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
virt VFIO updates for v5.19-rc1 2022-06-01 13:49:15 -07:00
.clang-format clang-format: Fix space after for_each macros 2022-05-20 19:27:16 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore kbuild: split the second line of *.mod into *.usyms 2022-05-08 03:16:59 +09:00
.mailmap MAINTAINERS: Update Lorenzo Pieralisi's email address 2022-05-31 15:06:19 -05:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: replace a Microchip AT91 maintainer 2022-02-09 11:30:01 +01:00
Kbuild kbuild: rename hostprogs-y/always to hostprogs/always-y 2020-02-04 01:53:07 +09:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS pci-v5.19-fixes-1 2022-06-02 12:11:25 -07:00
Makefile Kbuild updates for v5.19 2022-05-26 12:09:50 -07:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.