Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-5.4 / e9a4aa3ba386c8a368baaadde6f9e5c3d5f17cfe
commite9a4aa3ba386c8a368baaadde6f9e5c3d5f17cfe[log] [tgz]
authorDan Carpenter <dan.carpenter@oracle.com>Thu Jan 31 11:16:46 2013 +0300
committerJohn W. Linville <linville@tuxdriver.com>Fri Feb 08 14:51:31 2013 -0500
tree5a92893b34d4d7ef1f1913c1113fbe5999b2e65b
parentc6d3b2046e310b361da93fe6c44bde5522c782da [diff]
NFC: llcp: integer underflow in nfc_llcp_set_remote_gb()

If gb_len is less than 3 it would cause an integer underflow and
possibly memory corruption in nfc_llcp_parse_gb_tlv().

I removed the old test for gb_len == 0.  I also removed the test for
->remote_gb == NULL.  It's not possible for ->remote_gb to be NULL and
we have already dereferenced ->remote_gb_len so it's too late to test.

The old test return -ENODEV but my test returns -EINVAL.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
1 file changed
tree: 5a92893b34d4d7ef1f1913c1113fbe5999b2e65b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS