mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-03 00:54:09 +08:00
d24b03535e
syzbot reported the following uninit-value access issue [1][2]:
nci_rx_work() parses and processes received packet. When the payload
length is zero, each message type handler reads uninitialized payload
and KMSAN detects this issue. The receipt of a packet with a zero-size
payload is considered unexpected, and therefore, such packets should be
silently discarded.
This patch resolved this issue by checking payload size before calling
each message type handler codes.
Fixes:
|
||
---|---|---|
.. | ||
hci | ||
nci | ||
af_nfc.c | ||
core.c | ||
digital_core.c | ||
digital_dep.c | ||
digital_technology.c | ||
digital.h | ||
Kconfig | ||
llcp_commands.c | ||
llcp_core.c | ||
llcp_sock.c | ||
llcp.h | ||
Makefile | ||
netlink.c | ||
nfc.h | ||
rawsock.c |