Unverified Commit 10501491 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!15574 some CVE fixes

Merge Pull Request from: @ci-robot 
 
PR sync from: Tong Tiangen <tongtiangen@huawei.com>
https://mailweb.openeuler.org/archives/list/kernel@openeuler.org/message/6WEAIJER2VSF5PC6CKBPKR3QOWDZFGEK/ 
Duoming Zhou (1):
  drivers: staging: rtl8192e: Fix deadlock in rtllib_beacons_stop()

Martin Faltesek (1):
  nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling

Yang Yingliang (1):
  rtc: mt6397: check return value after calling platform_get_resource()

 
https://gitee.com/src-openeuler/kernel/issues/IBP72U
https://gitee.com/src-openeuler/kernel/issues/IBP731
https://gitee.com/src-openeuler/kernel/issues/IBP286 
 
Link:https://gitee.com/openeuler/kernel/pulls/15574

 

Reviewed-by: Yuan Can <yuancan@huawei.com>
Signed-off-by: Yuan Can <yuancan@huawei.com>
parents a304375c c3843694
+10 −3
@@ -334,22 +334,29 @@ int st21nfca_connectivity_event_received(struct nfc_hci_dev *hdev, u8 host,
		transaction->aid_len = skb->data[1];

		/* Checking if the length of the AID is valid */
		if (transaction->aid_len > sizeof(transaction->aid))
		if (transaction->aid_len > sizeof(transaction->aid)) {
			devm_kfree(dev, transaction);
			return -EINVAL;
		}

		memcpy(transaction->aid, &skb->data[2],
		       transaction->aid_len);

		/* Check next byte is PARAMETERS tag (82) */
		if (skb->data[transaction->aid_len + 2] !=
		    NFC_EVT_TRANSACTION_PARAMS_TAG)
		    NFC_EVT_TRANSACTION_PARAMS_TAG) {
			devm_kfree(dev, transaction);
			return -EPROTO;
		}

		transaction->params_len = skb->data[transaction->aid_len + 3];

		/* Total size is allocated (skb->len - 2) minus fixed array members */
		if (transaction->params_len > ((skb->len - 2) - sizeof(struct nfc_evt_transaction)))
		if (transaction->params_len > ((skb->len - 2) -
		    sizeof(struct nfc_evt_transaction))) {
			devm_kfree(dev, transaction);
			return -EINVAL;
		}

		memcpy(transaction->params, skb->data +
		       transaction->aid_len + 4, transaction->params_len);
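Review bot: The params_len bound near the end of this hunk computes `(skb->len - 2) - sizeof(struct nfc_evt_transaction)` in unsigned arithmetic, so for an event shorter than the fixed part of the struct the difference wraps to a very large value and the check accepts any params_len. The final memcpy would then write beyond the buffer that the comment sizes as skb->len - 2. An additive comparison avoids the wrap, e.g. `if (skb->len < 2 + sizeof(struct nfc_evt_transaction) + transaction->params_len)`. The reads of `skb->data[transaction->aid_len + 2]` and `skb->data[transaction->aid_len + 3]` are also not compared with skb->len in the visible lines; if no length check precedes the hunk, a guard such as `if (skb->len < transaction->aid_len + 4)` with the same devm_kfree/return pattern belongs before them. The allocation and the start of this branch are outside the hunk.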
+2 −0
@@ -320,6 +320,8 @@ static int mtk_rtc_probe(struct platform_device *pdev)
		return -ENOMEM;

	res = platform_get_resource(pdev, IORESOURCE_MEM, 0);
	if (!res)
		return -EINVAL;
	rtc->addr_base = res->start;

	rtc->irq = platform_get_irq(pdev, 0);
+1 −1
@@ -654,9 +654,9 @@ static void rtllib_beacons_stop(struct rtllib_device *ieee)
	spin_lock_irqsave(&ieee->beacon_lock, flags);

	ieee->beacon_txing = 0;
	del_timer_sync(&ieee->beacon_timer);

	spin_unlock_irqrestore(&ieee->beacon_lock, flags);
	del_timer_sync(&ieee->beacon_timer);

}
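Review bot: The `del_timer_sync(&ieee->beacon_timer);` call now placed after `spin_unlock_irqrestore()` has no comment saying why it must stay outside beacon_lock, so a later cleanup could move it back under the lock and reintroduce the deadlock named in the commit title. A line such as `/* del_timer_sync() waits for a running handler, which presumably takes beacon_lock; must be called unlocked */` above it would record the constraint. With the timer deleted after the unlock, correctness also depends on the handler seeing `beacon_txing == 0` and not re-arming; the handler is not visible here, so that is worth confirming. The function's opening lines are outside the hunk.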