evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/include
History
Suren Baghdasaryan b413ee0476 NFC: Fix the number of pipes 
commit e285d5bfb7e9785d289663baef252dd315e171f8 upstream.

According to ETSI TS 102 622 specification chapter 4.4 pipe identifier
is 7 bits long which allows for 128 unique pipe IDs. Because
NFC_HCI_MAX_PIPES is used as the number of pipes supported and not
as the max pipe ID, its value should be 128 instead of 127.

nfc_hci_recv_from_llc extracts pipe ID from packet header using
NFC_HCI_FRAGMENT(0x7F) mask which allows for pipe ID value of 127.
Same happens when NCI_HCP_MSG_GET_PIPE() is being used. With
pipes array having only 127 elements and pipe ID of 127 the OOB memory
access will result.

Cc: Samuel Ortiz <sameo@linux.intel.com>
Cc: Allen Pais <allen.pais@oracle.com>
Cc: "David S. Miller" <davem@davemloft.net>
Suggested-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Suren Baghdasaryan <surenb@google.com>
Reviewed-by: Kees Cook <keescook@chromium.org>
Cc: stable <stable@vger.kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-29 03:08:51 -07:00
..
acpi Merge branch 'acpi-pci' 2015-11-07 01:30:10 +01:00
asm-generic ioremap: Update pgtable free interfaces with addr 2018-08-17 20:56:45 +02:00
clocksource
crypto crypto: vmac - separate tfm and request context 2018-08-17 20:56:45 +02:00
drm drm: Add DP PSR2 sink enable bit 2018-08-06 16:24:39 +02:00
dt-bindings ARM: dts: Fix omap3 off mode pull defines 2017-11-21 09:21:19 +01:00
keys
kvm KVM: arm/arm64: arch_timer: Preserve physical dist. active state on LR.active 2015-11-24 18:07:40 +01:00
linux mm: get rid of vmacache_flush_all() entirely 2018-09-19 22:49:00 +02:00
math-emu
media videobuf2-core: Check user space planes array in dqbuf 2016-05-04 14:48:50 -07:00
memory
misc
net NFC: Fix the number of pipes 2018-09-29 03:08:51 -07:00
pcmcia
ras
rdma IB/core: Make testing MR flags for writability a static inline function 2018-08-15 17:42:06 +02:00
rxrpc
scsi scsi: sg: disable SET_FORCE_LOW_DMA 2018-01-23 19:50:14 +01:00
soc memory: tegra: Apply interrupts mask per SoC 2018-08-06 16:24:38 +02:00
sound ALSA: control: Hardening for potential Spectre v1 2018-05-02 07:53:41 -07:00
target target: Avoid early CMD_T_PRE_EXECUTE failures during ABORT_TASK 2018-01-17 09:35:31 +01:00
trace tracing/hrtimer: Fix tracing bugs by taking all clock bases and modes into account 2018-05-30 07:48:52 +02:00
uapi ethtool: Remove trailing semicolon for static inline 2018-09-19 22:48:56 +02:00
video udlfb: set optimal write delay 2018-09-09 20:04:36 +02:00
xen fix xen_swiotlb_dma_mmap prototype 2017-10-05 09:41:48 +02:00
Kbuild