Commit c2c65cd2 authored Oct 29, 2013 by Dan Carpenter Committed by Linus Torvalds Oct 30, 2013

staging: ozwpan: prevent overflow in oz_cdev_write()



We need to check "count" so we don't overflow the ei->data buffer.

Reported-by: Nico Golde <nico@ngolde.de>
Reported-by: Fabian Yamaguchi <fabs@goesec.de>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Cc: stable@kernel.org
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 201f99f1

drivers/staging/ozwpan/ozcdev.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -155,6 +155,9 @@ static ssize_t oz_cdev_write(struct file filp, const char __user buf,
		struct oz_app_hdr *app_hdr;
		struct oz_serial_ctx *ctx;

		if (count > sizeof(ei->data) - sizeof(elt) - sizeof(app_hdr))
		return -EINVAL;

		spin_lock_bh(&g_cdev.lock);
		pd = g_cdev.active_pd;
		if (pd)