mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-29 05:44:11 +00:00
brcmfmac: To fix kernel crash on out of boundary access
To truncate the additional bytes, if extra bytes have been received. Current code only have a warning and proceed without handling it. But in one of the crash reported by DVT, these causes the crash intermittently. So the processing is limit to the skb->len. Signed-off-by: Raveendran Somu <raveendran.somu@cypress.com> Signed-off-by: Chi-hsien Lin <chi-hsien.lin@cypress.com> Signed-off-by: Wright Feng <wright.feng@cypress.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/20200604071835.3842-2-wright.feng@cypress.com
This commit is contained in:
parent
f555abfe29
commit
698bae2e6e
1 changed files with 3 additions and 0 deletions
|
@ -1843,6 +1843,9 @@ void brcmf_fws_hdrpull(struct brcmf_if *ifp, s16 siglen, struct sk_buff *skb)
|
|||
|
||||
WARN_ON(siglen > skb->len);
|
||||
|
||||
if (siglen > skb->len)
|
||||
siglen = skb->len;
|
||||
|
||||
if (!siglen)
|
||||
return;
|
||||
/* if flow control disabled, skip to packet data and leave */
|
||||
|
|
Loading…
Reference in a new issue