lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 13 Jun 2022 12:11:07 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Martin Faltesek <mfaltesek@...gle.com>, Guenter Roeck <groeck@...omium.org>, Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org>, Jakub Kicinski <kuba@...nel.org> Subject: [PATCH 4.14 209/218] nfc: st21nfca: fix incorrect validating logic in EVT_TRANSACTION From: Martin Faltesek <mfaltesek@...gle.com> commit 77e5fe8f176a525523ae091d6fd0fbb8834c156d upstream. The first validation check for EVT_TRANSACTION has two different checks tied together with logical AND. One is a check for minimum packet length, and the other is for a valid aid_tag. If either condition is true (fails), then an error should be triggered. The fix is to change && to ||. Fixes: 26fc6c7f02cb ("NFC: st21nfca: Add HCI transaction event support") Cc: stable@...r.kernel.org Signed-off-by: Martin Faltesek <mfaltesek@...gle.com> Reviewed-by: Guenter Roeck <groeck@...omium.org> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@...aro.org> Signed-off-by: Jakub Kicinski <kuba@...nel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- drivers/nfc/st21nfca/se.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/drivers/nfc/st21nfca/se.c +++ b/drivers/nfc/st21nfca/se.c @@ -320,7 +320,7 @@ int st21nfca_connectivity_event_received * AID 81 5 to 16 * PARAMETERS 82 0 to 255 */ - if (skb->len < NFC_MIN_AID_LENGTH + 2 && + if (skb->len < NFC_MIN_AID_LENGTH + 2 || skb->data[0] != NFC_EVT_TRANSACTION_AID_TAG) return -EPROTO;
Powered by blists - more mailing lists