Hi Brian,

> -----Original Message-----
> From: Brian Norris [mailto:briannorris@xxxxxxxxxxxx]
> Sent: April 15, 2017 0:56
> To: Xinming Hu
> Cc: Linux Wireless; Kalle Valo; Dmitry Torokhov; rajatja@xxxxxxxxxx;
> Amitkumar Karwar; Cathy Luo; Ganapathi Bhat
> Subject: [EXT] Re: Re: Re: [PATCH v3 4/4] mwifiex: pcie: extract wifi part from
> combo firmware during function level reset
>
> External Email
>
> ----------------------------------------------------------------------
> Hi,
>
> On Fri, Apr 14, 2017 at 03:28:28AM +0000, Xinming Hu wrote:
> > According to the firmware download protocol, every CMD should not exceed MWIFIEX_UPLD_SIZE.
> > We can add a sanity check, like,
> > if (data_len > MWIFIEX_UPLD_SIZE - sizeof(fwdata->header))
> > *error*
>
> I was primarily interested in protecting the kernel itself. Once the kernel starts
> parsing the firmware, we have to make sure a bad firmware file won't end up
> with us looping infinitely, reading/writing invalid memory, or otherwise
> exposing security or stability issues. I wasn't necessarily interested in validating
> every requirement of the end-point device. For example, we're not bothering
> checking the CRCs. I figured that this was all the job of your Wifi card's boot
> ROM.
>
> So, we *can* implement checks like this, but I'd really hope we don't need this
> particular one, because your card should be taking care of that.
>

Got it, we will keep in mind to check the possible overflow in future, either using general protect or under limit by our device requirement.

> Please consider reviewing my latest submission.
>

Sure.

Thanks,
Simon

> Regards,
> Brian
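
The two kinds of check discussed in this thread, as an added example that is not part of the original messages or of the mwifiex driver: a walker over a chunked firmware image that rejects truncated headers and payload lengths that run past the buffer (the kernel-protection checks), with the per-command device limit as an optional extra. The 16-byte header layout, the names `fw_walk`, `HDR_LEN`, `LEN_OFF` and `upld_size`, and the sample images are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 16u  /* assumed header: cmd, addr, data_length, crc (4 x LE32) */
#define LEN_OFF 8u   /* assumed offset of data_length inside the header */

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Walk every chunk in fw[0..fw_len). Returns the chunk count, or -1 if the
 * image is malformed. upld_size stands in for the per-command device limit
 * (0 = skip that check and leave it to the card's boot ROM). */
int fw_walk(const uint8_t *fw, size_t fw_len, size_t upld_size)
{
    size_t off = 0;
    int chunks = 0;
    while (off < fw_len) {
        size_t remaining = fw_len - off;
        uint32_t data_len;
        if (remaining < HDR_LEN)
            return -1;                  /* truncated header */
        data_len = le32(fw + off + LEN_OFF);
        if (data_len > remaining - HDR_LEN)
            return -1;                  /* payload runs past the buffer */
        if (upld_size &&
            (upld_size < HDR_LEN || data_len > upld_size - HDR_LEN))
            return -1;                  /* exceeds device command size */
        off += HDR_LEN + data_len;      /* always advances, so no endless loop */
        chunks++;
    }
    return chunks;
}

/* Constructed sample images, not real firmware. */
const uint8_t good_fw[36] = {
    1,0,0,0, 0,0,0,0, 4,0,0,0, 0,0,0,0, 0xde,0xad,0xbe,0xef,
    1,0,0,0, 4,0,0,0, 0,0,0,0, 0,0,0,0 };
const uint8_t bad_fw[20] = {            /* claims a 0xfffffff0-byte payload */
    1,0,0,0, 0,0,0,0, 0xf0,0xff,0xff,0xff, 0,0,0,0, 1,2,3,4 };

int main(void)
{
    printf("%d %d\n", fw_walk(good_fw, 36, 0), fw_walk(bad_fw, 20, 0));
    return 0;
}
```

Comparing `data_len` against `remaining - HDR_LEN` instead of adding it to `off` first keeps the check itself free of integer overflow.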