| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 29 Nov 2018 15:28:00 +0800
From: Wen Yang <wen.yang99@....com.cn>
To: sameo@...ux.intel.com
Cc: linux-wireless@...r.kernel.org, linux-kernel@...r.kernel.org,
zhong.weidong@....com.cn, Wen Yang <wen.yang99@....com.cn>
Subject: [PATCH] NFC: fdp: Fix signedness bug in fdp_nci_send_patch
Currently, the error handling for the call to
nci_conn_max_data_pkt_payload_size() doesn't work
because *max_size* is of type u8 (8 bits, unsigned),
which makes it impossible for it to hold a value less
than 0.
Fix this by changing the type of variable *max_size*
to s16 (16 bits, signed).
since conn_info->max_pkt_payload_len is of type u8,
so s16 is enough.
Signed-off-by: Wen Yang <wen.yang99@....com.cn>
CC: Samuel Ortiz <sameo@...ux.intel.com>
CC: linux-wireless@...r.kernel.org
CC: linux-kernel@...r.kernel.org
---
drivers/nfc/fdp/fdp.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/nfc/fdp/fdp.c b/drivers/nfc/fdp/fdp.c
index d5784a47fc13..d9203e2468fd 100644
--- a/drivers/nfc/fdp/fdp.c
+++ b/drivers/nfc/fdp/fdp.c
@@ -192,7 +192,7 @@ static int fdp_nci_send_patch(struct nci_dev *ndev, u8 conn_id, u8 type)
const struct firmware *fw;
struct sk_buff *skb;
unsigned long len;
- u8 max_size, payload_size;
+ s16 max_size, payload_size;
int rc = 0;
if ((type == NCI_PATCH_TYPE_OTP && !info->otp_patch) ||
--
2.19.1
Powered by blists - more mailing lists