UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity

NFC: st21nfca: Add condition to make sure atr_req->length is valid. 

gb_len in st21nfca_tm_send_atr_res can be negative. Not checking for
that could lead to a potential kernel oops.
We now make sure that atr_req->length > sizeof(struct st21nfca_atr_req)
to avoid such situation.

Signed-off-by: Christophe Ricard <christophe-h.ricard@st.com>
Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This commit is contained in:
Christophe Ricard 2014-08-11 00:04:56 +02:00 committed by Samuel Ortiz
parent a51577c9e3
commit 56f1ffcccd
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
drivers/nfc/st21nfca/st21nfca_dep.c
View File

@ -211,6 +211,11 @@ static int st21nfca_tm_recv_atr_req(struct nfc_hci_dev *hdev,
atr_req = (struct st21nfca_atr_req *)skb->data;
if (atr_req->length < sizeof(struct st21nfca_atr_req)) {
r = -EPROTO;
goto exit;
}
r = st21nfca_tm_send_atr_res(hdev, atr_req);
if (r)
goto exit;