Re: [PATCH net v4] net: nfc: nci: Fix parameter validation for packet data

4 Jan 2026

On Tue, 23 Dec 2025 08:25:52 +0100 Michael Thalmeier wrote:
...

diff --git a/net/nfc/nci/ntf.c b/net/nfc/nci/ntf.c
index 418b84e2b260..a5cafcd10cc3 100644
--- a/net/nfc/nci/ntf.c
+++ b/net/nfc/nci/ntf.c
...
@@ -380,6 +384,10 @@ static int nci_rf_discover_ntf_packet(struct nci_dev *ndev,
   pr_debug("rf_tech_specific_params_len %d\n",
   	 ntf.rf_tech_specific_params_len);

if (skb->len < (data - skb->data) +
	ntf.rf_tech_specific_params_len + sizeof(ntf.ntf_type))


return -EINVAL;



Are we validating ntf.rf_tech_specific_params_len against the
extraction logic in nci_extract_rf_params_nfca_passive_poll()
and friends?

    