author: Minsuk Kang <linuxlovemin@yonsei.ac.kr> 2022-12-14 02:51:39 +0100
committer: Jakub Kicinski <kuba@kernel.org> 2022-12-15 05:51:29 +0100
commit: 9f28157778ede0d4f183f7ab3b46995bb400abbe
tree: b6ab21449064efde50e02fa5e0b700cc2a580377 /net
parent: net: enetc: avoid buffer leaks on xdp_do_redirect() failure
nfc: pn533: Clear nfc_target before being used

Fix a slab-out-of-bounds read that occurs in nla_put() called from
nfc_genl_send_target() when target->sensb_res_len, which is duplicated
from an nfc_target in pn533, is too large as the nfc_target is not
properly initialized and retains garbage values. Clear nfc_targets with
memset() before they are used.

Found by a modified version of syzkaller.

BUG: KASAN: slab-out-of-bounds in nla_put
Call Trace:
 memcpy
 nla_put
 nfc_genl_dump_targets
 genl_lock_dumpit
 netlink_dump
 __netlink_dump_start
 genl_family_rcv_msg_dumpit
 genl_rcv_msg
 netlink_rcv_skb
 genl_rcv
 netlink_unicast
 netlink_sendmsg
 sock_sendmsg
 ____sys_sendmsg
 ___sys_sendmsg
 __sys_sendmsg
 do_syscall_64

Fixes: 673088fb42d0 ("NFC: pn533: Send ATR_REQ directly for active device detection")
Fixes: 361f3cb7f9cf ("NFC: DEP link hook implementation for pn533")
Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20221214015139.119673-1-linuxlovemin@yonsei.ac.kr
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'net')
0 files changed, 0 insertions, 0 deletions
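
The failure mode described in the commit message, as an added userspace model that is not the kernel's code or part of the original commit. `struct target`, `fill_target()`, `send_target()`, `run()` and the 12-byte buffer size are hypothetical stand-ins for `nfc_target`, the pn533 code that populates it, and the length-driven copy in nla_put(); the model reports an oversized length instead of performing the read.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SENSB_RES_MAXSIZE 12   /* buffer size assumed for this model */

/* Hypothetical stand-in for struct nfc_target: a length field plus a fixed buffer. */
struct target {
    uint32_t idx;
    uint8_t  sensb_res_len;
    uint8_t  sensb_res[SENSB_RES_MAXSIZE];
};

/* Models a driver path that sets only some fields and never writes sensb_res_len. */
static void fill_target(struct target *t, int clear_first)
{
    if (clear_first)
        memset(t, 0, sizeof(*t));   /* the fix: clear the struct before use */
    t->idx = 1;
}

/* Models the consumer that copies sensb_res_len bytes out of sensb_res.
 * Returns the number of bytes copied, or -1 when the length field would
 * make the copy read past the end of sensb_res. */
static int send_target(const struct target *t, uint8_t *out, size_t out_len)
{
    if (t->sensb_res_len > sizeof(t->sensb_res) || t->sensb_res_len > out_len)
        return -1;
    memcpy(out, t->sensb_res, t->sensb_res_len);
    return t->sensb_res_len;
}

/* Runs one scenario on memory pre-filled with 0xA5, a constructed pattern
 * standing in for the stale contents an uninitialized struct retains. */
static int run(int clear_first)
{
    struct target t;
    uint8_t out[SENSB_RES_MAXSIZE];

    memset(&t, 0xA5, sizeof(t));
    fill_target(&t, clear_first);
    return send_target(&t, out, sizeof(out));
}

int main(void)
{
    printf("without memset: %d\n", run(0));
    printf("with memset:    %d\n", run(1));
    return 0;
}
```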