Re: [PATCH] nfc: nci: assert requested protocol is valid
From: Krzysztof Kozlowski
Date: Thu Sep 07 2023 - 12:00:13 EST
On 07/09/2023 01:33, Jeremy Cline wrote:
> The protocol is used in a bit mask to determine if the protocol is
> supported. Assert the provided protocol is less than the maximum
> defined so it doesn't potentially perform a shift-out-of-bounds and
> provide a clearer error for undefined protocols vs unsupported ones.
>
> Fixes: 6a2968aaf50c ("NFC: basic NCI protocol implementation")
> Reported-and-tested-by: syzbot+0839b78e119aae1fec78@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=0839b78e119aae1fec78
> Signed-off-by: Jeremy Cline <jeremy@xxxxxxxxxx>
> ---
> net/nfc/nci/core.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/net/nfc/nci/core.c b/net/nfc/nci/core.c
> index fff755dde30d..6c9592d05120 100644
> --- a/net/nfc/nci/core.c
> +++ b/net/nfc/nci/core.c
> @@ -909,6 +909,11 @@ static int nci_activate_target(struct nfc_dev *nfc_dev,
> return -EINVAL;
> }
>
> + if (protocol >= NFC_PROTO_MAX) {
> + pr_err("the requested nfc protocol is invalid\n");
> + return -EINVAL;
> + }
This looks OK, but I wonder if protocol 0 (so BIT(0) in the
supported_protocols) is a valid protocol. I looked at the code and it
was nowhere handled.
Original patch from Hilf Danton was also handling it (I wonder why Hilf
did not send his patch...)
https://syzkaller.appspot.com/bug?extid=0839b78e119aae1fec78
Best regards,
Krzysztof