Hi, On Fri, Apr 14, 2017 at 03:28:28AM +0000, Xinming Hu wrote: > According to the firmware download protocol, every CMD should not exceed MWIFIEX_UPLD_SIZE. > we can add a sanity check , like, > if (data_len > MWIFIEX_UPLD_SIZE - sizeof(fwdata->header)) > *error* I was primarily interested in protecting the kernel itself. Once the kernel starts parsing the firmware, we have to make sure a bad firmware file won't end up with us looping infinitely, reading/writing invalid memory, or otherwise exposing security or stability issues. I wasn't necessarily interested in validating every requirement of the end-point device. For example, we're not bothering checking the CRCs. I figured that this was all the job of your Wifi card's boot ROM. So, we *can* implement checks like this, but I'd really hope we don't need this particular one, because your card should be taking care of that. Please consider reviewing my latest submission. Regards, Brian
