xiaomi-sm8450/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

staging: gdm724x: check for overflow in gdm_lte_netif_rx()

Browse Source 
[ Upstream commit 7002b526f4ff1f6da34356e67085caafa6be383a ]

This code assumes that "len" is at least 62 bytes, but we need a check
to prevent a read overflow.

Fixes: 61e1210476 ("staging: gdm7240: adding LTE USB driver")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Link: https://lore.kernel.org/r/YMcoTPsCYlhh2TQo@mwanda
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Dan Carpenter
2021-06-14 12:58:36 +03:00
committed by Greg Kroah-Hartman
parent f937370610
commit 7bc3fa5db4
1 changed files with 6 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
drivers/staging/gdm724x/gdm_lte.c
View File

@@ -611,10 +611,12 @@ static void gdm_lte_netif_rx(struct net_device *dev, char *buf,
* bytes (99,130,83,99 dec) * bytes (99,130,83,99 dec)
*/ */
} __packed; } __packed;
void *addr = buf + sizeof(struct iphdr) + int offset = sizeof(struct iphdr) +
sizeof(struct udphdr) + sizeof(struct udphdr) +
offsetof(struct dhcp_packet, chaddr); offsetof(struct dhcp_packet, chaddr);
ether_addr_copy(nic->dest_mac_addr, addr); if (offset + ETH_ALEN > len)
return;
ether_addr_copy(nic->dest_mac_addr, buf + offset);
} }
} }