From: Jakub Kicinski <kuba@kernel.org>
To: Michael Thalmeier <michael.thalmeier@hale.at>
Cc: Deepak Sharma <deepak.sharma.472935@gmail.com>,
Krzysztof Kozlowski <krzk@kernel.org>,
Vadim Fedorenko <vadim.fedorenko@linux.dev>,
Simon Horman <horms@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
Michael Thalmeier <michael@thalmeier.at>,
stable@vger.kernel.org
Subject: Re: [PATCH net v4] net: nfc: nci: Fix parameter validation for packet data
Date: Sun, 4 Jan 2026 10:13:23 -0800 [thread overview]
Message-ID: <20260104101323.1ac8b478@kernel.org> (raw)
In-Reply-To: <20251223072552.297922-1-michael.thalmeier@hale.at>
On Tue, 23 Dec 2025 08:25:52 +0100 Michael Thalmeier wrote:
> diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c
> index 418b84e2b260..a5cafcd10cc3 100644
> --- a/net/nfc/nci/ntf.c
> +++ b/net/nfc/nci/ntf.c
> @@ -380,6 +384,10 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev,
> pr_debug("rf_tech_specific_params_len %d\n",
> ntf.rf_tech_specific_params_len);
>
> + if (skb->len < (data - skb->data) +
> + ntf.rf_tech_specific_params_len + sizeof(ntf.ntf_type))
> + return -EINVAL;
Are we validating ntf.rf_tech_specific_params_len against the
extraction logic in nci_extract_rf_params_nfca_passive_poll()
and friends?
next prev parent reply other threads:[~2026-01-04 18:13 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-23 7:25 [PATCH net v4] net: nfc: nci: Fix parameter validation for packet data Michael Thalmeier
2026-01-04 18:13 ` Jakub Kicinski [this message]
2026-01-07 10:06 ` Michael Thalmeier
2026-01-08 2:15 ` Jakub Kicinski
2026-01-12 8:55 ` Michael Thalmeier
2026-01-07 9:41 ` Juraj Šarinay
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260104101323.1ac8b478@kernel.org \
--to=kuba@kernel.org \
--cc=deepak.sharma.472935@gmail.com \
--cc=horms@kernel.org \
--cc=krzk@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=michael.thalmeier@hale.at \
--cc=michael@thalmeier.at \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
--cc=vadim.fedorenko@linux.dev \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.