Hi Dan,

> From: Dan Rosenberg [mailto:dan.j.rosenberg@xxxxxxxxx]
> Sent: Thursday, June 21, 2012 10:56 PM
> To: lauro.venancio@xxxxxxxxxxxxx; aloisio.almeida@xxxxxxxxxxxxx;
> sameo@xxxxxxxxxxxxxxx; David Miller; Elias, Ilan
> Cc: linux-kernel@xxxxxxxxxxxxxxx; security@xxxxxxxxxx;
> linux-netdev@xxxxxxxxxxxxxxx
> Subject: [PATCH] NFC: prevent multiple buffer overflows in NCI
>
> Fix multiple remotely-exploitable stack-based buffer overflows due to the NCI
> code pulling length fields directly from incoming frames and copying too much
> data into statically-sized arrays. Fortunately, there don't appear to be any
> active users of this code (yet).
>
> This patch fixes the overflows, but I suspect the code will need to be
> completely reworked since this doesn't address the more systemic problem of
> failing to check that the values read from incoming frame data aren't from
> beyond the end of the pulled skb data. Build tested only.
>
> Signed-off-by: Dan Rosenberg <dan.j.rosenberg@xxxxxxxxx>
> Cc: stable@xxxxxxxxxx
> Cc: security@xxxxxxxxxx
> Cc: Lauro Ramos Venancio <lauro.venancio@xxxxxxxxxxxxx>
> Cc: Aloisio Almeida Jr <aloisio.almeida@xxxxxxxxxxxxx>
> Cc: Samuel Ortiz <sameo@xxxxxxxxxxxxxxx>
> Cc: David S. Miller <davem@xxxxxxxxxxxxx>
> Cc: Ilan Elias <ilane@xxxxxx>

Acked-by: Ilan Elias <ilane@xxxxxx>

Thanks & BR,
Ilan
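The quoted commit message names two separate checks a frame parser needs: the length field must fit the fixed-size destination, and it must not exceed the bytes actually received. The following is an added userspace illustration of both, not code from the patch or from the NCI driver; the frame layout, `parse_tag`, `struct tag_info` and `ID_MAXSIZE` are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ID_MAXSIZE 10            /* hypothetical fixed destination size */

struct tag_info {                /* hypothetical parsed result */
    uint8_t id_len;
    uint8_t id[ID_MAXSIZE];
};

/*
 * Parse a constructed frame layout: [id_len:1][id:id_len bytes].
 * Returns 0 on success, -1 if the frame is truncated, -2 if the
 * declared length does not fit the destination array.
 */
int parse_tag(const uint8_t *frame, size_t frame_len, struct tag_info *out)
{
    const uint8_t *p = frame;
    size_t remaining = frame_len;
    uint8_t len;

    if (remaining < 1)           /* the length byte itself must be present */
        return -1;
    len = *p++;
    remaining--;

    if (len > sizeof(out->id))   /* check 1: destination capacity */
        return -2;
    if (len > remaining)         /* check 2: bytes actually received */
        return -1;

    out->id_len = len;
    memcpy(out->id, p, len);     /* len is now bounded on both sides */
    return 0;
}

/* Constructed sample frames, not captured traffic. */
static const uint8_t frame_ok[]    = { 4, 0xde, 0xad, 0xbe, 0xef };
static const uint8_t frame_big[]   = { 200, 1, 2, 3 };  /* len > ID_MAXSIZE */
static const uint8_t frame_short[] = { 8, 1, 2, 3 };    /* len > data present */

int main(void)
{
    struct tag_info t;
    int ok = parse_tag(frame_ok, sizeof frame_ok, &t) == 0
          && parse_tag(frame_big, sizeof frame_big, &t) == -2
          && parse_tag(frame_short, sizeof frame_short, &t) == -1;
    return ok ? 0 : 1;
}
```

Check 1 alone stops the overflow of the destination array; check 2 covers the second problem the commit message raises, reading past the end of the received data.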