From: Luca Coelho <luca@coelho.fi>
To: kvalo@codeaurora.org
Cc: luca@coelho.fi, linux-wireless@vger.kernel.org
Subject: [PATCH for v5.15 3/5] iwlwifi: pnvm: don't kmemdup() more than we have
Date: Sat, 16 Oct 2021 11:43:57 +0300 [thread overview]
Message-ID: <iwlwifi.20211016114029.ab0e64c3fba9.Ic6a3295fc384750b51b4270bf0b7d94984a139f2@changeid> (raw)
In-Reply-To: <20211016084359.246930-1-luca@coelho.fi>
From: Johannes Berg <johannes.berg@intel.com>
We shouldn't kmemdup() more data than we have, that might
cause the code to crash. Fix that by updating the length
before the kmemdup.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: Luca Coelho <luciano.coelho@intel.com>
---
drivers/net/wireless/intel/iwlwifi/fw/pnvm.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
index dde22bdc8703..9b0eee53488a 100644
--- a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
@@ -284,16 +284,15 @@ int iwl_pnvm_load(struct iwl_trans *trans,
/* First attempt to get the PNVM from BIOS */
package = iwl_uefi_get_pnvm(trans, &len);
if (!IS_ERR_OR_NULL(package)) {
+ /* we need only the data */
+ len -= sizeof(*package);
data = kmemdup(package->data, len, GFP_KERNEL);
/* free package regardless of whether kmemdup succeeded */
kfree(package);
- if (data) {
- /* we need only the data size */
- len -= sizeof(*package);
+ if (data)
goto parse;
- }
}
/* If it's not available, try from the filesystem */
--
2.33.0
next prev parent reply other threads:[~2021-10-16 8:44 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-16 8:43 [PATCH for v5.15 0/5] iwlwifi: fixes intended for v5.15 2021-10-16 Luca Coelho
2021-10-16 8:43 ` [PATCH for v5.15 1/5] iwlwifi: mvm: reset PM state on unsuccessful resume Luca Coelho
2021-10-20 9:31 ` Kalle Valo
2021-10-16 8:43 ` [PATCH for v5.15 2/5] iwlwifi: change all JnP to NO-160 configuration Luca Coelho
2021-10-16 8:43 ` Luca Coelho [this message]
2021-10-16 8:43 ` [PATCH for v5.15 4/5] iwlwifi: pnvm: read EFI data only if long enough Luca Coelho
2021-10-16 8:43 ` [PATCH for v5.15 5/5] iwlwifi: cfg: set low-latency-xtal for some integrated So devices Luca Coelho
2021-10-18 7:55 ` [PATCH for v5.15 0/5] iwlwifi: fixes intended for v5.15 2021-10-16 Kalle Valo
2021-10-22 6:32 ` Luca Coelho
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=iwlwifi.20211016114029.ab0e64c3fba9.Ic6a3295fc384750b51b4270bf0b7d94984a139f2@changeid \
--to=luca@coelho.fi \
--cc=kvalo@codeaurora.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.