wlcore: check minimum buffer size in some cmd_send functions
Check for the minimum required buffer length in wlcore_cmd_send() and wlcore_cmd_configure_failsafe. This ensures that we will never try to use a buffer that is smaller than the required header. Reported-by: Dan Carpenter <dan.carpenter@oracle.com> Signed-off-by: Luciano Coelho <luciano.coelho@intel.com> Signed-off-by: John W. Linville <linville@tuxdriver.com>
This commit is contained in:
parent
0d4b5c7c08
commit
f5b8f4790b
@ -64,6 +64,9 @@ static int __wlcore_cmd_send(struct wl1271 *wl, u16 id, void *buf,
|
||||
id != CMD_STOP_FWLOGGER))
|
||||
return -EIO;
|
||||
|
||||
if (WARN_ON_ONCE(len < sizeof(*cmd)))
|
||||
return -EIO;
|
||||
|
||||
cmd = buf;
|
||||
cmd->id = cpu_to_le16(id);
|
||||
cmd->status = 0;
|
||||
@ -891,6 +894,9 @@ int wlcore_cmd_configure_failsafe(struct wl1271 *wl, u16 id, void *buf,
|
||||
|
||||
wl1271_debug(DEBUG_CMD, "cmd configure (%d)", id);
|
||||
|
||||
if (WARN_ON_ONCE(len < sizeof(*acx)))
|
||||
return -EIO;
|
||||
|
||||
acx->id = cpu_to_le16(id);
|
||||
|
||||
/* payload length, does not include any headers */
|
||||
|
Loading…
Reference in New Issue
Block a user