commit | 2357ecbfa1b21a93f99b83dae7bad6ae341d03bf | [log] [tgz] |
---|---|---|
author | Lior David <liord@codeaurora.org> | Mon Oct 16 20:39:31 2017 +0300 |
committer | Lior David <liord@codeaurora.org> | Thu Oct 19 11:33:53 2017 +0300 |
tree | 9d0e587c9ee659c20efed6e56461495e3b695c71 | |
parent | 1ded649ba856528f51229b40dddaa7f8a34e0ab1 [diff] |
wil6210: fix length check in __wmi_send The current length check: sizeof(cmd) + len > r->entry_size will allow very large values of len (> U16_MAX - sizeof(cmd)) and can cause a buffer overflow. Fix the check to cover this case. In addition, ensure the mailbox entry_size is not too small, since this can also bypass the above check. Change-Id: Iecb4f53ef05da0e015bc954b57b0e40debb7c8b7 Signed-off-by: Lior David <liord@codeaurora.org>