Commit 698bae2e authored by Raveendran Somu's avatar Raveendran Somu Committed by Kalle Valo

brcmfmac: To fix kernel crash on out of boundary access

To truncate the additional bytes, if extra bytes have been received.
Current code only have a warning and proceed without handling it.
But in one of the crash reported by DVT, these causes the
crash intermittently. So the processing is limit to the skb->len.
Signed-off-by: default avatarRaveendran Somu <raveendran.somu@cypress.com>
Signed-off-by: default avatarChi-hsien Lin <chi-hsien.lin@cypress.com>
Signed-off-by: default avatarWright Feng <wright.feng@cypress.com>
Signed-off-by: default avatarKalle Valo <kvalo@codeaurora.org>
Link: https://lore.kernel.org/r/20200604071835.3842-2-wright.feng@cypress.com
parent f555abfe
......@@ -1843,6 +1843,9 @@ void brcmf_fws_hdrpull(struct brcmf_if *ifp, s16 siglen, struct sk_buff *skb)
WARN_ON(siglen > skb->len);
if (siglen > skb->len)
siglen = skb->len;
if (!siglen)
return;
/* if flow control disabled, skip to packet data and leave */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment