TechPanelGM/kernel_xiaomi_sm8250
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bus: mhi: fix potential out-of-bound access

Browse Source 
In the mhi_sat_isvalid_header function if the length is less than
the size of header then there can be out-of-bound access.

So fix the len check in the function.

Change-Id: I80f1556557b1bf2f30c07f6377bd6e3db48712b3
Signed-off-by: Krishna chaitanya chundru <quic_krichai@quicinc.com>
Signed-off-by: Paras Sharma <quic_parass@quicinc.com>
This commit is contained in:
Paras Sharma
2023-06-16 10:27:03 +05:30
parent 759c5fad24
commit 1cebc8ce23
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
drivers/bus/mhi/devices/mhi_satellite.c
View File

@@ -358,7 +358,7 @@ static struct mhi_sat_device *find_sat_dev_by_id(
static bool mhi_sat_isvalid_header(struct sat_header *hdr, int len) static bool mhi_sat_isvalid_header(struct sat_header *hdr, int len)
{ {
/* validate payload size */ /* validate payload size */
if (len >= sizeof(*hdr) && (len != hdr->payload_size + sizeof(*hdr))) if (len < sizeof(*hdr) || len != hdr->payload_size + sizeof(*hdr))
return false; return false;
/* validate SAT IPC version */ /* validate SAT IPC version */