Re: [PATCH net v5] nfc: nci: Fix uninit-value in nci_rx_work

From: Krzysztof Kozlowski
Date: Mon May 20 2024 - 05:57:30 EST


On 19/05/2024 11:43, Ryosuke Yasuoka wrote:
> syzbot reported the following uninit-value access issue [1]
>
> nci_rx_work() parses received packet from ndev->rx_q. It should be
> validated header size, payload size and total packet size before
> processing the packet. If an invalid packet is detected, it should be
> silently discarded.
>
> Fixes: d24b03535e5e ("nfc: nci: Fix uninit-value in nci_dev_up and nci_ntf_packet")
> Reported-and-tested-by: syzbot+d7b4dc6cd50410152534@xxxxxxxxxxxxxxxxxxxxxxxxx
> Closes: https://syzkaller.appspot.com/bug?extid=d7b4dc6cd50410152534 [1]
> Signed-off-by: Ryosuke Yasuoka <ryasuoka@xxxxxxxxxx>
> ---
> v5

Reviewed-by: Krzysztof Kozlowski <krzysztof.kozlowski@xxxxxxxxxx>

Best regards,
Krzysztof