commit | 85e5fc78cf64232a9ce06f3b0bdef75042f1b5d0 | [log] [tgz] |
---|---|---|
author | Suren Baghdasaryan <surenb@google.com> | Thu Aug 17 10:43:14 2017 -0700 |
committer | Suren Baghdasaryan <surenb@google.com> | Fri Aug 18 22:01:25 2017 +0000 |
tree | bd48bdba9e9cdd22b3798e1b956a6a9b24ab89ba | |
parent | ca95b3e3a5a1ce52be5a958637ac064e28fe4be9 [diff] |
ANDROID: NFC: st21nfca: Fix out of bounds kernel access when handling ATR_REQ Out of bounds kernel accesses in st21nfca's NFC HCI layer might happen when handling ATR_REQ events if user-specified atr_req->length is bigger than the buffer size. In that case memcpy() inside st21nfca_tm_send_atr_res() will read extra bytes resulting in OOB read from the kernel heap. Bug: 62679012 Signed-off-by: Suren Baghdasaryan <surenb@google.com>