mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-12-01 08:04:22 +08:00
staging: ozwpan: prevent overflow in oz_cdev_write()
We need to check "count" so we don't overflow the ei->data buffer. Reported-by: Nico Golde <nico@ngolde.de> Reported-by: Fabian Yamaguchi <fabs@goesec.de> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
parent
201f99f170
commit
c2c65cd2e1
@ -155,6 +155,9 @@ static ssize_t oz_cdev_write(struct file *filp, const char __user *buf,
|
||||
struct oz_app_hdr *app_hdr;
|
||||
struct oz_serial_ctx *ctx;
|
||||
|
||||
if (count > sizeof(ei->data) - sizeof(*elt) - sizeof(*app_hdr))
|
||||
return -EINVAL;
|
||||
|
||||
spin_lock_bh(&g_cdev.lock);
|
||||
pd = g_cdev.active_pd;
|
||||
if (pd)
|
||||
|
Loading…
Reference in New Issue
Block a user