Commit faba439f authored by Jordy Zomer, committed by Laibin Qiu

nfc: st21nfca: Fix potential buffer overflows in EVT_TRANSACTION



mainline inclusion
from mainline-v5.17-rc1
commit 4fbcc1a4
category: bugfix
bugzilla: 186393
CVE: CVE-2022-26490

-------------------------------------------------

It appears that there are some buffer overflows in EVT_TRANSACTION.
This happens because the length parameters that are passed to memcpy
come directly from skb->data and are not guarded in any way.

Signed-off-by: Jordy Zomer <jordy@pwning.systems>
Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Huang Guobin <huangguobin4@huawei.com>
Reviewed-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Laibin Qiu <qiulaibin@huawei.com>
parent 3dfc9fb2
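
The class of bug the commit message describes (a length byte taken from received data and passed to memcpy), shown as an added example that is not the driver's code or part of this commit: a parser that checks each length against both the destination buffer and the bytes actually received. The tag/length/value layout, tag values, buffer sizes, struct and function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed layout (hypothetical): AID tag, len, value, PARAMS tag, len, value. */
#define AID_TAG    0x81  /* constructed tag values */
#define PARAMS_TAG 0x82
#define AID_MAX    16    /* constructed buffer sizes */
#define PARAMS_MAX 64

struct transaction {
    uint8_t aid[AID_MAX];
    uint8_t aid_len;
    uint8_t params[PARAMS_MAX];
    uint8_t params_len;
};

/* Returns 0 on success, -1 when a length field is inconsistent with the
 * destination buffer size or with the number of bytes received. */
int parse_transaction(const uint8_t *data, size_t len, struct transaction *out)
{
    size_t off = 0;

    /* Tag and length byte must both be present before either is read. */
    if (len - off < 2 || data[off] != AID_TAG)
        return -1;
    out->aid_len = data[off + 1];
    off += 2;
    /* Guard the copy: destination capacity first, then remaining input. */
    if (out->aid_len > sizeof(out->aid) || out->aid_len > len - off)
        return -1;
    memcpy(out->aid, data + off, out->aid_len);
    off += out->aid_len;

    /* Same checks for the second field; off <= len holds at this point. */
    if (len - off < 2 || data[off] != PARAMS_TAG)
        return -1;
    out->params_len = data[off + 1];
    off += 2;
    if (out->params_len > sizeof(out->params) || out->params_len > len - off)
        return -1;
    memcpy(out->params, data + off, out->params_len);
    return 0;
}
```

Without the two length checks, a length byte larger than the destination array or larger than the received data would make memcpy write or read out of bounds.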