NFC: nci: Bounds check struct nfc_target arrays
Kees Cook authored
[ Upstream commit e329e710 ]

While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:

  memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18)

This appears to be a legitimate lack of bounds checking in
nci_add_new_protocol(). Add the missing checks.

Reported-by: syzbot+210e196cef4711b65139@syzkaller.appspotmail.com
Link: https://lore.kernel.org/lkml/0000000000001c590f05ee7b3ff4@google.com
Fixes: 019c4fba ("NFC: Add NCI multiple targets support")
Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20221202214410.never.693-kees@kernel.org

Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
908b2da4
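
The class of check the commit message describes, as an added user-space example (not the kernel patch and not code from this repository): a device-reported length is validated against the fixed destination field before memcpy(). The names model_target, model_set_sensf_res and model_selftest are hypothetical, and the -EPROTO return value is an assumption of this model; the sizes 18 and 129 are the ones quoted in the FORTIFY_SOURCE report.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MODEL_SENSF_RES_MAX 18  /* destination field size quoted in the report */

/* Hypothetical stand-in for a target record: a fixed array, its recorded
 * length, and a neighbouring field that a field-spanning write would hit. */
struct model_target {
    uint8_t sensf_res_len;
    uint8_t sensf_res[MODEL_SENSF_RES_MAX];
    uint8_t neighbour[4];
};

/* Copy a device-reported response into the fixed field.
 * Returns 0 on success, -EPROTO (assumed error code) if the reported
 * length exceeds the field. On rejection *t is left untouched. */
int model_set_sensf_res(struct model_target *t, const uint8_t *src, size_t src_len)
{
    if (src_len > sizeof(t->sensf_res))
        return -EPROTO;  /* reject instead of truncating or overflowing */
    memcpy(t->sensf_res, src, src_len);
    t->sensf_res_len = (uint8_t)src_len;
    return 0;
}

/* Constructed check: a 129-byte input must be rejected without touching
 * the neighbouring field; an exact-fit 18-byte input must be accepted. */
int model_selftest(void)
{
    struct model_target t;
    uint8_t frame[129];  /* constructed oversized input */

    memset(&t, 0, sizeof(t));
    memset(t.neighbour, 0xAA, sizeof(t.neighbour));
    memset(frame, 0x41, sizeof(frame));

    if (model_set_sensf_res(&t, frame, sizeof(frame)) != -EPROTO)
        return 0;
    if (t.sensf_res_len != 0 || t.neighbour[0] != 0xAA)
        return 0;
    if (model_set_sensf_res(&t, frame, MODEL_SENSF_RES_MAX) != 0)
        return 0;
    return t.sensf_res_len == MODEL_SENSF_RES_MAX && t.neighbour[3] == 0xAA;
}

int main(void) { return model_selftest() ? 0 : 1; }
```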
Name Last commit Last update
Documentation docs: update mediator contact information in CoC doc
LICENSES LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes"
arch KVM: s390: vsie: Fix the initialization of the epoch extension (epdx) field
block block, bfq: fix null pointer dereference in bfq_bio_bfqg()
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist
crypto crypto: akcipher - default implementation for setting a private key
drivers i40e: Disallow ip4 and ip6 l4_4_bytes
fs cifs: fix use-after-free caused by invalid pointer `hostname`
include memcg: fix possible use-after-free in memcg_write_event_control()
init init/Kconfig: fix CC_HAS_ASM_GOTO_TIED_OUTPUT test with dash
ipc ipc/sem: Fix dangling sem_array access in semtimedop race
kernel memcg: fix possible use-after-free in memcg_write_event_control()
lib Kconfig.debug: provide a little extra FRAME_WARN leeway when KASAN is enabled
mm mm/gup: fix gup_pud_range() for dax
net NFC: nci: Bounds check struct nfc_target arrays
samples samples/landlock: Format with clang-format
scripts scripts/faddr2line: Fix regression in name resolution on ppc64le
security capabilities: fix potential memleak on error path from vfs_getxattr_alloc()
sound ASoC: soc-pcm: Add NULL check in BE reparenting
tools selftests: rtnetlink: correct xfrm policy rule in kci_test_ipsec_offload
usr usr/include/Makefile: add linux/nfc.h to the compile-test coverage
virt kvm: Add support for arch compat vm ioctls
.clang-format clang-format: Update with the latest for_each macro list
.cocciconfig scripts: add Linux .cocciconfig for coccinelle
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS
Kbuild
Kconfig
MAINTAINERS
Makefile
README
Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.