Re: [PATCH v2] nfc: hci: fix OOB heap read on short HCP frames

Next message: Nhat Pham: "Re: [PATCH v6 7/8] selftest/cgroup: fix zswap attempt_writeback() on 64K pagesize system"
Previous message: Jakub Kicinski: "Re: [PATCH net-next v2 1/2] keys, dns: drop unused upayload-&gt;data NUL terminator"
In reply to: Jakub Kicinski: "Re: [PATCH v2] nfc: hci: fix OOB heap read on short HCP frames"
Next in thread: Ashutosh Desai: "[PATCH v3] nfc: hci: fix out-of-bounds read in HCP header parsing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Ashutosh Desai

Date: Sun Apr 12 2026 - 20:06:44 EST

On Sun, 12 Apr 2026 13:42:18 -0700 Jakub Kicinski wrote:
> As Eric mentioned elsewhere - he did not suggest any of this,
> merely reviewed your submission.

Agree, that tag was incorrect on my part. Will remove it in the
next version.

> How did a broken packet get enqueued in the first place?

You are right to point that out. nfc_hci_recv_from_llc() already
gates the queue with pskb_may_pull(), so a short skb cannot reach
nfc_hci_msg_rx_work() to begin with. The same holds for the nci
path. Those two checks are redundant and will be dropped in v3.