git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
	Tue, 13 Jan 2026 20:24:58 +0000 (17:24 -0300)
committer	Jakub Kicinski <kuba@kernel.org>
	Sun, 18 Jan 2026 02:02:50 +0000 (18:02 -0800)
commit	f40ddcc0c0ca1a0122a7f4440b429f97d5832bdf
tree	4d04565de3731999716a05ee92b7af9958022396	tree \| snapshot
parent	a92a6c50e35b75a8021265507f3c2a9084df0b94	commit \| diff

Revert "nfc/nci: Add the inconsistency check between the input data length and count"

This reverts commit 068648aab72c9ba7b0597354ef4d81ffaac7b979.

NFC packets may have NUL-bytes. Checking for string length is not a correct
assumption here. As long as there is a check for the length copied from
copy_from_user, all should be fine.

The fix only prevented the syzbot reproducer from triggering the bug
because the packet is not enqueued anymore and the code that triggers the
bug is not exercised.

The fix even broke
testing/selftests/nci/nci_dev, making all tests there fail. After the
revert, 6 out of 8 tests pass.

Fixes: 068648aab72c ("nfc/nci: Add the inconsistency check between the input data length and count")
Cc: stable@vger.kernel.org
Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Link: https://patch.msgid.link/20260113202458.449455-1-cascardo@igalia.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>