linux/net/nfc
Dan Carpenter e9a4aa3ba3 NFC: llcp: integer underflow in nfc_llcp_set_remote_gb()
If gb_len is less than 3 it would cause an integer underflow and
possibly memory corruption in nfc_llcp_parse_gb_tlv().

I removed the old test for gb_len == 0.  I also removed the test for
->remote_gb == NULL.  It's not possible for ->remote_gb to be NULL and
we have already dereferenced ->remote_gb_len so it's too late to test.

The old test return -ENODEV but my test returns -EINVAL.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-02-08 14:51:31 -05:00
..
hci NFC: Initial Secure Element API 2013-01-10 00:51:54 +01:00
llcp NFC: llcp: integer underflow in nfc_llcp_set_remote_gb() 2013-02-08 14:51:31 -05:00
nci NFC: Initial Secure Element API 2013-01-10 00:51:54 +01:00
af_nfc.c
core.c NFC: Initial Secure Element API 2013-01-10 00:51:54 +01:00
Kconfig NFC: Remove CONFIG_EXPERIMENTAL 2012-10-26 18:26:52 +02:00
Makefile
netlink.c NFC: Initial Secure Element API 2013-01-10 00:51:54 +01:00
nfc.h NFC: Extend netlink interface for LTO, RW, and MIUX parameters support 2012-10-29 00:25:11 +01:00
rawsock.c NFC: Fix some code style and whitespace issues 2012-10-26 18:26:52 +02:00