Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.19 / 51d5daea85b763cdee3a3f441a9f68ed5b43a552
commit51d5daea85b763cdee3a3f441a9f68ed5b43a552[log] [tgz]
authorSuren Baghdasaryan <surenb@google.com>Thu Aug 17 10:43:14 2017 -0700
committerAmit Pundir <amit.pundir@linaro.org>Tue Aug 28 17:10:42 2018 +0530
tree0752a447f045a09567d227a372ffde94d3431917
parent9d30b77414296d08f4a63c14912f9213a0b00361 [diff]
ANDROID: NFC: st21nfca: Fix out of bounds kernel access when handling ATR_REQ

Out of bounds kernel accesses in st21nfca's NFC HCI layer
might happen when handling ATR_REQ events if user-specified
atr_req->length is bigger than the buffer size. In
that case memcpy() inside st21nfca_tm_send_atr_res() will
read extra bytes resulting in OOB read from the kernel heap.

Bug: 62679012

Signed-off-by: Suren Baghdasaryan <surenb@google.com>
1 file changed
tree: 0752a447f045a09567d227a372ffde94d3431917
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. LICENSES/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .clang-format
  25. .cocciconfig
  26. .get_maintainer.ignore
  27. .gitattributes
  28. .gitignore
  29. .mailmap
  30. build.config.goldfish.arm
  31. build.config.goldfish.arm64
  32. build.config.goldfish.mips
  33. build.config.goldfish.mips64
  34. build.config.goldfish.x86
  35. build.config.goldfish.x86_64
  36. COPYING
  37. CREDITS
  38. Kbuild
  39. Kconfig
  40. MAINTAINERS
  41. Makefile
  42. README