From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6162B15E84 for ; Mon, 23 Oct 2023 11:30:41 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="l90EOLRX" Received: by smtp.kernel.org (Postfix) with ESMTPSA id CD532C433C8; Mon, 23 Oct 2023 11:30:40 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1698060641; bh=pLtCdCaPvNSJ92ja+Erjya8GqOJuEprd5M3Bhu+KvYw=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=l90EOLRXk09FOIBDLI8uKTzx8Xbc7gzaukL5ermRcuLYBfDq6TvajBf3S9b6/7KGW gEI5JglBbqLuK1XaTHGfhNnXU+aDO7daWF7iVptmIYDSCK2w6H1QC0cDRmDfT/SDO3 yoqdEMX6hsHZnpzUwIiZ+YJ8YWgRrpK8LbfqfWVw= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Jeremy Cline , Simon Horman , Paolo Abeni , Sasha Levin , syzbot+0839b78e119aae1fec78@syzkaller.appspotmail.com Subject: [PATCH 5.4 017/123] nfc: nci: assert requested protocol is valid Date: Mon, 23 Oct 2023 12:56:15 +0200 Message-ID: <20231023104818.322072638@linuxfoundation.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20231023104817.691299567@linuxfoundation.org> References: <20231023104817.691299567@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore Precedence: bulk X-Mailing-List: patches@lists.linux.dev List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit 5.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Jeremy Cline [ Upstream commit 354a6e707e29cb0c007176ee5b8db8be7bd2dee0 ] The protocol is used in a bit mask to determine if the protocol is supported. Assert the provided protocol is less than the maximum defined so it doesn't potentially perform a shift-out-of-bounds and provide a clearer error for undefined protocols vs unsupported ones. Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation") Reported-and-tested-by: syzbot+0839b78e119aae1fec78@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=0839b78e119aae1fec78 Signed-off-by: Jeremy Cline Reviewed-by: Simon Horman Link: https://lore.kernel.org/r/20231009200054.82557-1-jeremy@jcline.org Signed-off-by: Paolo Abeni Signed-off-by: Sasha Levin --- net/nfc/nci/core.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c index 57849baf9294d..54b9efb5ae821 100644 --- a/net/nfc/nci/core.c +++ b/net/nfc/nci/core.c @@ -894,6 +894,11 @@ static int nci_activate_target(struct nfc_dev *nfc_dev, return -EINVAL; } + if (protocol >= NFC_PROTO_MAX) { + pr_err("the requested nfc protocol is invalid\n"); + return -EINVAL; + } + if (!(nci_target->supported_protocols & (1 << protocol))) { pr_err("target does not support the requested protocol 0x%x\n", protocol); -- 2.40.1