Commit dd198420 authored by Jordy Zomer's avatar Jordy Zomer Committed by Zheng Zengkai
Browse files

nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION 

mainline inclusion
from mainline-v5.17-rc1
commit 4fbcc1a4
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I4XOH9
CVE: CVE-2022-26490
backport: openEuler-22.03-LTS

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4fbcc1a4cb20fe26ad0225679c536c80f1648221



--------------------------------

It appears that there are some buffer overflows in EVT_TRANSACTION.
This happens because the length parameters that are passed to memcpy
come directly from skb->data and are not guarded in any way.

Signed-off-by: default avatarJordy Zomer <jordy@pwning.systems>
Reviewed-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarHuang Guobin <huangguobin4@huawei.com>
Reviewed-by: default avatarWei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent 876e324f
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment