Gitiles
Code Review Sign In
android-review.linaro.org / kernel / hikey-linaro / 85e5fc78cf64232a9ce06f3b0bdef75042f1b5d0
commit85e5fc78cf64232a9ce06f3b0bdef75042f1b5d0[log] [tgz]
authorSuren Baghdasaryan <surenb@google.com>Thu Aug 17 10:43:14 2017 -0700
committerSuren Baghdasaryan <surenb@google.com>Fri Aug 18 22:01:25 2017 +0000
treebd48bdba9e9cdd22b3798e1b956a6a9b24ab89ba
parentca95b3e3a5a1ce52be5a958637ac064e28fe4be9 [diff]
ANDROID: NFC: st21nfca: Fix out of bounds kernel access when handling ATR_REQ

Out of bounds kernel accesses in st21nfca's NFC HCI layer
might happen when handling ATR_REQ events if user-specified
atr_req->length is bigger than the buffer size. In
that case memcpy() inside st21nfca_tm_send_atr_res() will
read extra bytes resulting in OOB read from the kernel heap.

Bug: 62679012

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
1 file changed
tree: bd48bdba9e9cdd22b3798e1b956a6a9b24ab89ba
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. build.config.goldfish.arm
  29. build.config.goldfish.arm64
  30. build.config.goldfish.mips
  31. build.config.goldfish.mips64
  32. build.config.goldfish.x86
  33. build.config.goldfish.x86_64
  34. COPYING
  35. CREDITS
  36. Kbuild
  37. Kconfig
  38. MAINTAINERS
  39. Makefile
  40. README
  41. REPORTING-BUGS