MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-23 07:23:12 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

watchdog: ziirave_wdt: check record length in ziirave_firm_verify()

Browse Source 
[ Upstream commit 8b61d8ca75 ]

The "rec->len" value comes from the firmware.  We generally do
trust firmware, but it's always better to double check.  If
the length value is too large it would lead to memory corruption
when we set "data[i] = ret;"

Fixes: 217209db02 ("watchdog: ziirave_wdt: Add support to upload the firmware.")
Signed-off-by: Dan Carpenter <dan.carpenter@linaro.org>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Link: https://lore.kernel.org/r/3b58b453f0faa8b968c90523f52c11908b56c346.1748463049.git.dan.carpenter@linaro.org
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Wim Van Sebroeck <wim@linux-watchdog.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Dan Carpenter 2025-05-28 23:22:19 +03:00 committed by Greg Kroah-Hartman
parent a23fa17e6b
commit 9c590ae73c
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
drivers/watchdog/ziirave_wdt.c
View File

@ -302,6 +302,9 @@ static int ziirave_firm_verify(struct watchdog_device *wdd,
const u16 len = be16_to_cpu(rec->len); const u16 len = be16_to_cpu(rec->len);
const u32 addr = be32_to_cpu(rec->addr); const u32 addr = be32_to_cpu(rec->addr);
if (len > sizeof(data))
return -EINVAL;
if (ziirave_firm_addr_readonly(addr)) if (ziirave_firm_addr_readonly(addr))
continue; continue;