This is a note to let you know that I've just added the patch titled
nfc: nci: assert requested protocol is valid
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
nfc-nci-assert-requested-protocol-is-valid.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit acb7e9d77b77fc5fbcc6974cb38fff1178aa2f17
Author: Jeremy Cline <jeremy@xxxxxxxxxx>
Date: Mon Oct 9 16:00:54 2023 -0400
nfc: nci: assert requested protocol is valid
[ Upstream commit 354a6e707e29cb0c007176ee5b8db8be7bd2dee0 ]
The protocol is used in a bit mask to determine if the protocol is
supported. Assert the provided protocol is less than the maximum
defined so it doesn't potentially perform a shift-out-of-bounds and
provide a clearer error for undefined protocols vs unsupported ones.
Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation")
Reported-and-tested-by: syzbot+0839b78e119aae1fec78@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=0839b78e119aae1fec78
Signed-off-by: Jeremy Cline <jeremy@xxxxxxxxxx>
Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
Link: https://lore.kernel.org/r/20231009200054.82557-1-jeremy@xxxxxxxxxx
Signed-off-by: Paolo Abeni <pabeni@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
index fff755dde30d6..6c9592d051206 100644
--- a/net/nfc/nci/core.c
+++ b/net/nfc/nci/core.c
@@ -909,6 +909,11 @@ static int nci_activate_target(struct nfc_dev *nfc_dev,
return -EINVAL;
}
+ if (protocol >= NFC_PROTO_MAX) {
+ pr_err("the requested nfc protocol is invalid\n");
+ return -EINVAL;
+ }
+
if (!(nci_target->supported_protocols & (1 << protocol))) {
pr_err("target does not support the requested protocol 0x%x\n",
protocol);
