nfc: nci: Fix uninit-value in nci_rx_work - kernel/linux.git

diff options

author	Ryosuke Yasuoka <ryasuoka@redhat.com>	2024-05-19 12:43:03 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2024-06-12 12:12:47 +0300
commit	e53a7f8afcbd2886f2a94c5d56757328109730ea (patch)
tree	db4e53fff4734f5d18971e0302e6ec6eba7578f7 /.get_maintainer.ignore
parent	f354dc8c7d3272b71c35a63753650106c5bc810f (diff)
download	linux-e53a7f8afcbd2886f2a94c5d56757328109730ea.tar.xz

nfc: nci: Fix uninit-value in nci_rx_work

[ Upstream commit e4a87abf588536d1cdfb128595e6e680af5cf3ed ] syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and total packet size before processing the packet. If an invalid packet is detected, it should be silently discarded. Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet") Reported-and-tested-by: syzbot+d7b4dc6cd50410152534@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=d7b4dc6cd50410152534 [1] Signed-off-by: Ryosuke Yasuoka <ryasuoka@redhat.com> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>

Diffstat (limited to '.get_maintainer.ignore')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: