a946ebee45
[ Upstream commit d24b03535e5eb82e025219c2f632b485409c898f ]
syzbot reported the following uninit-value access issue [1][2]:
nci_rx_work() parses and processes received packet. When the payload
length is zero, each message type handler reads uninitialized payload
and KMSAN detects this issue. The receipt of a packet with a zero-size
payload is considered unexpected, and therefore, such packets should be
silently discarded.
This patch resolved this issue by checking payload size before calling
each message type handler codes.
Fixes:
|
||
---|---|---|
.. | ||
hci | ||
nci | ||
Kconfig | ||
Makefile | ||
af_nfc.c | ||
core.c | ||
digital.h | ||
digital_core.c | ||
digital_dep.c | ||
digital_technology.c | ||
llcp.h | ||
llcp_commands.c | ||
llcp_core.c | ||
llcp_sock.c | ||
netlink.c | ||
nfc.h | ||
rawsock.c |