44e0f15b31d28c57b4061585c33c09fd0b520dbe - kernel/msm-4.19

commit	44e0f15b31d28c57b4061585c33c09fd0b520dbe	[log] [tgz]
author	Dan Carpenter <dan.carpenter@oracle.com>	Tue Aug 14 12:07:48 2018 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	Tue Nov 13 11:08:30 2018 -0800
tree	9d6e84875a8be36a673cb28d5d4c45daf6bcd8b8
parent	14e0b9bba974d41adcc6a2fd66e3ae67e25bb3e5 [diff]

libertas_tf: prevent underflow in process_cmdrequest()

[ Upstream commit 3348ef6a6a126706d6a73ed40c18d8033df72783 ]

If recvlength is less than MESSAGE_HEADER_LEN (4) we would end up
corrupting memory.

Fixes: c305a19a0d0a ("libertas_tf: usb specific functions")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

drivers/net/wireless/marvell/libertas_tf/if_usb.c[diff]

1 file changed

tree: 9d6e84875a8be36a673cb28d5d4c45daf6bcd8b8