Commit 4b97b279 authored by David Fries's avatar David Fries Committed by Greg Kroah-Hartman

w1: avoid potential u16 overflow

Reported-by: default avatarDan Carpenter <dan.carpenter@oracle.com>
Acked-by: default avatarEvgeniy Polyakov <zbr@ioremap.net>
Signed-off-by: default avatarDavid Fries <David@Fries.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a30cfa47
...@@ -598,7 +598,7 @@ static void w1_cn_callback(struct cn_msg *cn, struct netlink_skb_parms *nsp) ...@@ -598,7 +598,7 @@ static void w1_cn_callback(struct cn_msg *cn, struct netlink_skb_parms *nsp)
msg = (struct w1_netlink_msg *)(cn + 1); msg = (struct w1_netlink_msg *)(cn + 1);
if (node_count) { if (node_count) {
int size; int size;
u16 reply_size = sizeof(*cn) + cn->len + slave_len; int reply_size = sizeof(*cn) + cn->len + slave_len;
if (cn->flags & W1_CN_BUNDLE) { if (cn->flags & W1_CN_BUNDLE) {
/* bundling duplicats some of the messages */ /* bundling duplicats some of the messages */
reply_size += 2 * cmd_count * (sizeof(struct cn_msg) + reply_size += 2 * cmd_count * (sizeof(struct cn_msg) +
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment