lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Tue, 13 Dec 2022 17:05:27 +0100
From:   Krzysztof Kozlowski <>
To:     Minsuk Kang <>,
Subject: Re: [PATCH net v2] nfc: pn533: Clear nfc_target before being used

On 13/12/2022 17:03, Minsuk Kang wrote:
> On Tue, Dec 13, 2022 at 03:41:36PM +0100, Krzysztof Kozlowski wrote:
>> On 13/12/2022 15:38, Krzysztof Kozlowski wrote:
>>> On 13/12/2022 15:27, Minsuk Kang wrote:
>>>> Fix a slab-out-of-bounds read that occurs in nla_put() called from
>>>> nfc_genl_send_target() when target->sensb_res_len, which is duplicated
>>>> from an nfc_target in pn533, is too large as the nfc_target is not
>>>> properly initialized and retains garbage values. Clear nfc_targets with
>>>> memset() before they are used.
>>>> Found by a modified version of syzkaller.
>>>> BUG: KASAN: slab-out-of-bounds in nla_put
>>>> Call Trace:
>>>>  memcpy
>>>>  nla_put
>>>>  nfc_genl_dump_targets
>>>>  genl_lock_dumpit
>>>>  netlink_dump
>>>>  __netlink_dump_start
>>>>  genl_family_rcv_msg_dumpit
>>>>  genl_rcv_msg
>>>>  netlink_rcv_skb
>>>>  genl_rcv
>>>>  netlink_unicast
>>>>  netlink_sendmsg
>>>>  sock_sendmsg
>>>>  ____sys_sendmsg
>>>>  ___sys_sendmsg
>>>>  __sys_sendmsg
>>>>  do_syscall_64
>>>> Fixes: 673088fb42d0 ("NFC: pn533: Send ATR_REQ directly for active device detection")
>>>> Fixes: 361f3cb7f9cf ("NFC: DEP link hook implementation for pn533")
>>>> Reviewed-by: Krzysztof Kozlowski <>
>>> How did it happen? From where did you get it?
>> I double checked - I did not send it. This is some fake tag. Please do
>> not add fake/invented/created tags with people's names.
> Sorry for my confusion.
> I missed the definition of the tag as I did not read the document
> carefully and misunderstood that the tag simply means I have got a
> reply from maintainers and I should manually attach it if that is
> the case. I will rewrite the patch after I make sure I fully
> understand the whole rules.

The document says:
"By offering my Reviewed-by: tag, I state that:"

You need to receive it explicitly from the reviewer. Once received, but
only then, add to the patch.

Best regards,

Powered by blists - more mailing lists