We don't currently do any verification of the firmware that we attempt
to load, and it is possible to cause a kernel oops. For example, see
<http://marc.info/?l=orinoco-users&m=123411762524637>

This series introduces a few nominal checks to reject files which are
incorrectly formatted, and then makes sure that we do not attempt to
read data outside the firmware.

It is still possible to load a duff firmware. However it shouldn't be
possible to cause any permanent damage. Hopefully it can't oops either.

Signed-off-by: David Kilroy <kilroyd@xxxxxxxxxxxxxx>
---
David Kilroy (2):
  orinoco: validate firmware header
  orinoco: prevent accessing memory outside the firmware image

 drivers/net/wireless/orinoco/fw.c         |   49 +++++++++++++--
 drivers/net/wireless/orinoco/hermes_dld.c |   99 +++++++++++++++--------------
 drivers/net/wireless/orinoco/hermes_dld.h |   12 +++-
 3 files changed, 104 insertions(+), 56 deletions(-)
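
The two kinds of check the cover letter names (reject a malformed header, then never read past the end of the image) are sketched below as an added example; it is not code from this series or from the orinoco driver. The image layout, the "FWIM" magic and the name fw_count_blocks are hypothetical, chosen only to show the bounds arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical layout, NOT the real orinoco/Hermes format:
 *   header: magic "FWIM", u32 LE offset of the first block
 *   block:  u32 LE load address, u16 LE length, then that many data bytes
 *   a block with length 0 ends the list */
#define HDR_LEN 8u
#define BLK_HDR_LEN 6u

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Return the number of data blocks, or -1 if the image is malformed. */
int fw_count_blocks(const uint8_t *fw, size_t len)
{
    size_t off, blen;
    int n = 0;

    if (len < HDR_LEN || memcmp(fw, "FWIM", 4) != 0)
        return -1;                      /* too short or wrong magic */
    off = le32(fw + 4);
    if (off < HDR_LEN || off > len)
        return -1;                      /* first block outside the image */
    for (;;) {
        if (len - off < BLK_HDR_LEN)    /* off <= len, so no underflow */
            return -1;
        blen = fw[off + 4] | (fw[off + 5] << 8);
        off += BLK_HDR_LEN;
        if (blen == 0)
            return n;                   /* terminator found inside the image */
        if (blen > len - off)           /* compare lengths, not end pointers */
            return -1;
        off += blen;
        n++;
    }
}

/* Constructed sample images. */
static const uint8_t fw_good[] = { 'F','W','I','M', 8,0,0,0,
    0,0x10,0,0, 2,0, 0xAA,0xBB,  0,0,0,0, 0,0 };
static const uint8_t fw_lying[] = { 'F','W','I','M', 8,0,0,0,
    0,0x10,0,0, 0,2, 0xAA,0xBB };   /* block claims 512 bytes, has 2 */

int main(void)
{
    return fw_count_blocks(fw_good, sizeof fw_good) != 1 ||
           fw_count_blocks(fw_lying, sizeof fw_lying) != -1;
}
```

Every length taken from the file is compared against the bytes remaining before it is used, so a truncated image or an oversized length field is rejected instead of being walked.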