]> git.baikalelectronics.ru Git - kernel.git/commitdiff
nfc: nci: assert requested protocol is valid
authorJeremy Cline <jeremy@jcline.org>
Mon, 9 Oct 2023 20:00:54 +0000 (16:00 -0400)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 19 Oct 2023 21:08:54 +0000 (23:08 +0200)
[ Upstream commit 354a6e707e29cb0c007176ee5b8db8be7bd2dee0 ]

The protocol is used in a bit mask to determine if the protocol is
supported. Assert the provided protocol is less than the maximum
defined so it doesn't potentially perform a shift-out-of-bounds and
provide a clearer error for undefined protocols vs unsupported ones.

Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation")
Reported-and-tested-by: syzbot+0839b78e119aae1fec78@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0839b78e119aae1fec78
Signed-off-by: Jeremy Cline <jeremy@jcline.org>
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://lore.kernel.org/r/20231009200054.82557-1-jeremy@jcline.org
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/nfc/nci/core.c

index 4ffdf2f45c4447a611040c1e6025dd20d3a2cc58..7535afd1537e9367aa7c7e22f93fb555e8320c5f 100644 (file)
@@ -908,6 +908,11 @@ static int nci_activate_target(struct nfc_dev *nfc_dev,
                return -EINVAL;
        }
 
+       if (protocol >= NFC_PROTO_MAX) {
+               pr_err("the requested nfc protocol is invalid\n");
+               return -EINVAL;
+       }
+
        if (!(nci_target->supported_protocols & (1 << protocol))) {
                pr_err("target does not support the requested protocol 0x%x\n",
                       protocol);