diag: Prevent possible integer overflow while processing cntl pkt



Possible integer overflow while processing control packets received
from peripherals prevented by typecasting the lengths during
buffer boundary check.

Change-Id: Ic29553a8c3422c9e11051d78a6b57a4f921586b9
Signed-off-by: Manoj Prabhu B <bmanoj@codeaurora.org>

parent 4bd3d726

drivers/char/diag/diagfwd_cntl.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -989,7 +989,8 @@ void diag_cntl_process_read_data(struct diagfwd_info p_info, void buf,

		while (read_len + header_len < len) {
		ctrl_pkt = (struct diag_ctrl_pkt_header_t *)ptr;
		if ((read_len + header_len + ctrl_pkt->len) > len)
		if (((size_t)read_len + (size_t)ctrl_pkt->len +
		header_len) > len)
		return;
		switch (ctrl_pkt->pkt_id) {
		case DIAG_CTRL_MSG_REG: