Patch "nfc: nci: assert requested protocol is valid" has been added to the 6.5-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    nfc: nci: assert requested protocol is valid

to the 6.5-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     nfc-nci-assert-requested-protocol-is-valid.patch
and it can be found in the queue-6.5 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit acb7e9d77b77fc5fbcc6974cb38fff1178aa2f17
Author: Jeremy Cline <jeremy@xxxxxxxxxx>
Date:   Mon Oct 9 16:00:54 2023 -0400

    nfc: nci: assert requested protocol is valid
    
    [ Upstream commit 354a6e707e29cb0c007176ee5b8db8be7bd2dee0 ]
    
    The protocol is used in a bit mask to determine if the protocol is
    supported. Assert the provided protocol is less than the maximum
    defined so it doesn't potentially perform a shift-out-of-bounds and
    provide a clearer error for undefined protocols vs unsupported ones.
    
    Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation")
    Reported-and-tested-by: syzbot+0839b78e119aae1fec78@xxxxxxxxxxxxxxxxxxxxxxxxx
    Closes: https://syzkaller.appspot.com/bug?extid=0839b78e119aae1fec78
    Signed-off-by: Jeremy Cline <jeremy@xxxxxxxxxx>
    Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20231009200054.82557-1-jeremy@xxxxxxxxxx
    Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index fff755dde30d6..6c9592d051206 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -909,6 +909,11 @@ static int nci_activate_target(struct nfc_dev *nfc_dev,
 		return -EINVAL;
 	}
 
+	if (protocol >= NFC_PROTO_MAX) {
+		pr_err("the requested nfc protocol is invalid\n");
+		return -EINVAL;
+	}
+
 	if (!(nci_target->supported_protocols & (1 << protocol))) {
 		pr_err("target does not support the requested protocol 0x%x\n",
 		       protocol);



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux