projects / linux.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c410c19) | patch
NFC: llcp: Limit size of SDP URI
authorKees Cook <keescook@chromium.org>
Wed, 14 Feb 2018 23:45:07 +0000 (15:45 -0800)
committerDavid S. Miller <davem@davemloft.net>
Fri, 16 Feb 2018 20:16:05 +0000 (15:16 -0500)
commitfe9c842695e26d8116b61b80bfb905356f07834b
tree4290060a267efbab9953477c6e8a0e5751be97e2tree | snapshot
parentc410c1966fe6fcfb23bcac0924aaa6a6e7449829commit | diff
NFC: llcp: Limit size of SDP URI

The tlv_len is u8, so we need to limit the size of the SDP URI. Enforce
this both in the NLA policy and in the code that performs the allocation
and copy, to avoid writing past the end of the allocated buffer.

Fixes: d9b8d8e19b073 ("NFC: llcp: Service Name Lookup netlink interface")
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/nfc/llcp_commands.c diff | blob | blame | history
net/nfc/netlink.c diff | blob | blame | history
Linux Project Source (from git://github.com/torvalds/linux)