Skip to content
Commit 6b37f0dc authored by Kees Cook's avatar Kees Cook Committed by Greg Kroah-Hartman
Browse files

NFC: nci: Bounds check struct nfc_target arrays 



[ Upstream commit e329e71013c9b5a4535b099208493c7826ee4a64 ]

While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported:

  memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nfc/nci/ntf.c:260 (size 18)

This appears to be a legitimate lack of bounds checking in
nci_add_new_protocol(). Add the missing checks.

Reported-by: default avatar <syzbot+210e196cef4711b65139@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/lkml/0000000000001c590f05ee7b3ff4@google.com


Fixes: 019c4fba ("NFC: Add NCI multiple targets support")
Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Reviewed-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@linaro.org>
Link: https://lore.kernel.org/r/20221202214410.never.693-kees@kernel.org


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 3ceffb8f
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment