linux/net/nfc/llcp
Dan Carpenter e9a4aa3ba3 NFC: llcp: integer underflow in nfc_llcp_set_remote_gb()
If gb_len is less than 3 it would cause an integer underflow and
possibly memory corruption in nfc_llcp_parse_gb_tlv().

I removed the old test for gb_len == 0.  I also removed the test for
->remote_gb == NULL.  It's not possible for ->remote_gb to be NULL and
we have already dereferenced ->remote_gb_len so it's too late to test.

The old test return -ENODEV but my test returns -EINVAL.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: John W. Linville <linville@tuxdriver.com>
2013-02-08 14:51:31 -05:00
..
commands.c NFC: Add support for SO_TIMESTAMP LLCP socket option 2013-01-10 00:44:24 +01:00
Kconfig NFC: Remove CONFIG_EXPERIMENTAL from the LLCP Makefile 2012-10-26 18:26:52 +02:00
llcp.c NFC: llcp: integer underflow in nfc_llcp_set_remote_gb() 2013-02-08 14:51:31 -05:00
llcp.h NFC: llcp: Remove the tx backlog queue 2013-01-10 00:44:31 +01:00
sock.c NFC: Use skb_copy_datagram_iovec 2013-01-11 14:56:32 +01:00