From: Dan Carpenter <dan.carpenter@oracle.com>
To: Frans Klaver <fransklaver@gmail.com>
Cc: Lauro Ramos Venancio <lauro.venancio@openbossa.org>,
Eric Lapuyade <eric.lapuyade@linux.intel.com>,
Aloisio Almeida Jr <aloisio.almeida@openbossa.org>,
Samuel Ortiz <sameo@linux.intel.com>,
"John W. Linville" <linville@tuxdriver.com>,
Jeff Kirsher <jeffrey.t.kirsher@intel.com>,
linux-wireless@vger.kernel.org, linux-nfc@ml01.01.org,
kernel-janitors@vger.kernel.org,
Kees Cook <keescook@chromium.org>
Subject: Re: [patch -RESEND] NFC: potential overflows in microread_target_discovered()
Date: Tue, 2 Sep 2014 11:54:36 +0300 [thread overview]
Message-ID: <20140902085436.GE6549@mwanda> (raw)
In-Reply-To: <CAH6sp9NXUtOpagcaKOTJUH4m=2YcdeVoKDU4AHSvzyr+qcsFTA@mail.gmail.com>
On Tue, Sep 02, 2014 at 09:02:36AM +0200, Frans Klaver wrote:
> > diff --git a/drivers/nfc/microread/microread.c b/drivers/nfc/microread/microread.c
> > index f868333271aa..963a4a5dc88e 100644
> > --- a/drivers/nfc/microread/microread.c
> > +++ b/drivers/nfc/microread/microread.c
> > @@ -501,9 +501,13 @@ static void microread_target_discovered(struct nfc_hci_dev *hdev, u8 gate,
> > targets->sens_res =
> > be16_to_cpu(*(u16 *)&skb->data[MICROREAD_EMCF_A_ATQA]);
> > targets->sel_res = skb->data[MICROREAD_EMCF_A_SAK];
> > - memcpy(targets->nfcid1, &skb->data[MICROREAD_EMCF_A_UID],
> > - skb->data[MICROREAD_EMCF_A_LEN]);
> > targets->nfcid1_len = skb->data[MICROREAD_EMCF_A_LEN];
> > + if (targets->nfcid1_len > sizeof(targets->nfcid1)) {
>
> You should probably compare against sizeof(*targets->nfcid1).
>
No. It's an array not a pointer.
You should make a small test program to test your ideas.
int main(void)
{
char buf[10];
printf("%d %d\n", sizeof(buf), sizeof(*buf));
return 0;
}
regards,
dan carpenter
next prev parent reply other threads:[~2014-09-02 8:55 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-09-01 17:27 [patch -RESEND] NFC: potential overflows in microread_target_discovered() Dan Carpenter
2014-09-02 7:02 ` Frans Klaver
2014-09-02 8:54 ` Dan Carpenter [this message]
2014-09-02 8:57 ` Frans Klaver
2014-09-04 23:03 ` Samuel Ortiz
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20140902085436.GE6549@mwanda \
--to=dan.carpenter@oracle.com \
--cc=aloisio.almeida@openbossa.org \
--cc=eric.lapuyade@linux.intel.com \
--cc=fransklaver@gmail.com \
--cc=jeffrey.t.kirsher@intel.com \
--cc=keescook@chromium.org \
--cc=kernel-janitors@vger.kernel.org \
--cc=lauro.venancio@openbossa.org \
--cc=linux-nfc@ml01.01.org \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=sameo@linux.intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).