iwlwifi: pnvm: don't kmemdup() more than we have

We shouldn't kmemdup() more data than we have, that might cause the code to crash. Fix that by updating the length before the kmemdup. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/iwlwifi.20211016114029.ab0e64c3fba9.Ic6a3295fc384750b51b4270bf0b7d94984a139f2@changeid

iwlwifi: pnvm: don't kmemdup() more than we have
We shouldn't kmemdup() more data than we have, that might cause the code to crash. Fix that by updating the length before the kmemdup. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/iwlwifi.20211016114029.ab0e64c3fba9.Ic6a3295fc384750b51b4270bf0b7d94984a139f2@changeid
0f892441 · Johannes Berg · Kalle Valo · 70382b08 · 0f892441
Commit 0f892441 authored Oct 16, 2021 by Johannes Berg Committed by Kalle Valo Oct 20, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 3 additions and 4 deletions

drivers/net/wireless/intel/iwlwifi/fw/pnvm.c drivers/net/wireless/intel/iwlwifi/fw/pnvm.c +3 -4

No files found.
--- a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
@@ -284,16 +284,15 @@ int iwl_pnvm_load(struct iwl_trans *trans,
 	/* First attempt to get the PNVM from BIOS */
 	package = iwl_uefi_get_pnvm(trans, &len);
 	if (!IS_ERR_OR_NULL(package)) {
+		/* we need only the data */
+		len -= sizeof(*package);
 		data = kmemdup(package->data, len, GFP_KERNEL);
 		/* free package regardless of whether kmemdup succeeded */
 		kfree(package);
-		if (data) {
+		if (data)
-			/* we need only the data size */
-			len -= sizeof(*package);
 			goto parse;
-		}
 	}
 	/* If it's not available, try from the filesystem */