RE: [PATCH] NFC: prevent multiple buffer overflows in NCI

From: Elias, Ilan
Date: Sun Jun 24 2012 - 03:52:01 EST


Hi Dan,

> From: Dan Rosenberg [mailto:dan.j.rosenberg@xxxxxxxxx]
> Sent: Thursday, June 21, 2012 10:56 PM
> To: lauro.venancio@xxxxxxxxxxxxx;
> aloisio.almeida@xxxxxxxxxxxxx; sameo@xxxxxxxxxxxxxxx; David
> Miller; Elias, Ilan
> Cc: linux-kernel@xxxxxxxxxxxxxxx; security@xxxxxxxxxx;
> linux-netdev@xxxxxxxxxxxxxxx
> Subject: [PATCH] NFC: prevent multiple buffer overflows in NCI
>
> Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI
> code pulling length fields directly from incoming frames and copying too much
> data into statically-sized arrays. Fortunately, there don't appear to be any
> active users of this code (yet).
>
> This patch fixes the overflows, but I suspect the code will need to be
> completely reworked since this doesn't address the more systemic problem of
> failing to check that the values read from incoming frame data aren't from
> beyond the end of the pulled skb data. Build tested only.
>
> Signed-off-by: Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx>
> Cc: stable@xxxxxxxxxx
> Cc: security@xxxxxxxxxx
> Cc: Lauro Ramos Venancio <lauro.venancio@xxxxxxxxxxxxx>
> Cc: Aloisio Almeida Jr <aloisio.almeida@xxxxxxxxxxxxx>
> Cc: Samuel Ortiz <sameo@xxxxxxxxxxxxxxx>
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>
> Cc: Ilan Elias <ilane@xxxxxx>
Acked-by: Ilan Elias <ilane@xxxxxx>

Thanks & BR,
Ilan
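
The quoted commit message separates two checks: the wire-supplied length against the fixed-size destination, and against the data actually received. The following is an added example, not code from the patch or the kernel, showing both in one parser; the frame layout, struct, function name and sizes are hypothetical, and the sample frames are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ID_MAXSIZE 10              /* hypothetical capacity of the fixed array */

struct tag_params {                /* hypothetical parsed record */
    uint8_t id_len;
    uint8_t id[ID_MAXSIZE];
};

/*
 * Hypothetical frame layout: [id_len:1][id:id_len]
 * The pattern the commit message describes trusts the wire length:
 *     out->id_len = *data++;
 *     memcpy(out->id, data, out->id_len);
 * Returns the number of bytes consumed, or -1 for a malformed frame.
 */
int parse_tag_params(const uint8_t *data, size_t avail, struct tag_params *out)
{
    uint8_t len;

    if (avail < 1)
        return -1;                 /* no length byte present */
    len = data[0];
    if (len > ID_MAXSIZE)
        return -1;                 /* would overflow out->id */
    if ((size_t)len > avail - 1)
        return -1;                 /* would read past the received data */
    out->id_len = len;
    memcpy(out->id, data + 1, len);
    return 1 + (int)len;
}

/* Constructed sample frames. */
static const uint8_t frame_ok[]    = { 4, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t frame_long[]  = { 200, 1, 2, 3 };  /* claims 200 bytes */
static const uint8_t frame_short[] = { 8, 1, 2, 3 };    /* claims 8, carries 3 */

int main(void)
{
    struct tag_params t;

    printf("ok:    %d\n", parse_tag_params(frame_ok, sizeof(frame_ok), &t));
    printf("long:  %d\n", parse_tag_params(frame_long, sizeof(frame_long), &t));
    printf("short: %d\n", parse_tag_params(frame_short, sizeof(frame_short), &t));
    return 0;
}
```

Rejecting the frame is one policy; clamping the length to the destination size only covers the first check and still needs the second.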