ANDROID: NFC: st21nfca: Fix out of bounds kernel access when handling ATR_REQ

Out of bounds kernel accesses in st21nfca's NFC HCI layer
might happen when handling ATR_REQ events if user-specified
atr_req->length is bigger than the buffer size. In
that case memcpy() inside st21nfca_tm_send_atr_res() will
read extra bytes resulting in OOB read from the kernel heap.

Bug: 62679012

Signed-off-by: Suren Baghdasaryan <surenb@google.com>

0 files changed, 0 insertions, 0 deletions