Dan Carpenter wrote:
> app_id comes from the network and can't be trusted. If it's zero then it will lead to a kernel crash.
> Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx>
Acked-by: Chris Kelly <ckelly@xxxxxxxxxxxxxxx>
Many thanks
Chris
> diff --git a/drivers/staging/ozwpan/ozpd.c b/drivers/staging/ozwpan/ozpd.c index 8c460f0..e3381ad 100644
> --- a/drivers/staging/ozwpan/ozpd.c
>+++ b/drivers/staging/ozwpan/ozpd.c
> @@ -806,7 +806,7 @@ void oz_apps_term(void) void oz_handle_app_elt(struct oz_pd *pd, u8 app_id, struct > > oz_elt *elt) {
> struct oz_app_if *ai;
>- if (app_id > OZ_APPID_MAX)
>+ if (app_id == 0 || app_id > OZ_APPID_MAX)
> return;
> ai = &g_app_if[app_id-1];
> ai->rx(pd, elt);
_______________________________________________
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxx
http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
