Minsuk Kang 9f28157778 nfc: pn533: Clear nfc_target before being used ... Fix a slab-out-of-bounds read that occurs in nla_put() called from nfc_genl_send_target() when target->sensb_res_len, which is duplicated from an nfc_target in pn533, is too large as the nfc_target is not properly initialized and retains garbage values. Clear nfc_targets with memset() before they are used. Found by a modified version of syzkaller. BUG: KASAN: slab-out-of-bounds in nla_put Call Trace: memcpy nla_put nfc_genl_dump_targets genl_lock_dumpit netlink_dump __netlink_dump_start genl_family_rcv_msg_dumpit genl_rcv_msg netlink_rcv_skb genl_rcv netlink_unicast netlink_sendmsg sock_sendmsg ____sys_sendmsg ___sys_sendmsg __sys_sendmsg do_syscall_64 Fixes: 673088fb42 ("NFC: pn533: Send ATR_REQ directly for active device detection") Fixes: 361f3cb7f9 ("NFC: DEP link hook implementation for pn533") Signed-off-by: Minsuk Kang <linuxlovemin@yonsei.ac.kr> Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Link: https://lore.kernel.org/r/20221214015139.119673-1-linuxlovemin@yonsei.ac.kr Signed-off-by: Jakub Kicinski <kuba@kernel.org>		2022-12-14 20:51:29 -08:00
..
i2c.c	nfc: pn533: Convert to i2c's .probe_new()	2022-11-23 12:50:07 -08:00
Kconfig	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
Makefile	nfc: pn533: add UART phy driver	2019-10-29 21:05:26 -07:00
pn533.c	nfc: pn533: Clear nfc_target before being used	2022-12-14 20:51:29 -08:00
pn533.h	nfc: pn533: Constify pn533_phy_ops	2021-10-07 13:35:10 +01:00
uart.c	nfc: pn533: Fix use-after-free bugs caused by pn532_cmd_timeout	2022-08-22 14:51:30 +01:00
usb.c	nfc: pn533: Constify pn533_phy_ops	2021-10-07 13:35:10 +01:00