k2_fw_usb_api: prevent buffer overflow.
diff --git
a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
index b8adbf43600c018df60ac93c4b48c2a8939a8553..0be8a8744ed0f89d5c11cd9085e33b7eea17efa8 100755
(executable)
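--- a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
+++ b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
@@ -452,6 +452,11 @@ void vUsb_Reg_Out_patch(void)
 // accumulate the size
 cmdLen += usbfifolen;
+ if (cmdLen > buf->desc_list->buf_size) {
+ A_PRINTF("Data length on EP4 FIFO is bigger as allocated buffer data!"
+ " Drop it!\n");
+ goto ERR;
+ }
 // round it to alignment
 if(usbfifolen % 4)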
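Review bot: The new bound in vUsb_Reg_Out_patch compares the unrounded byte count `cmdLen` with `buf_size`, while the lines right after it round `usbfifolen` up to a 4-byte boundary. If the copy that follows (outside this hunk) writes whole 32-bit words, the last word can still land up to three bytes past the buffer when `buf_size` is not a multiple of four. Comparing the rounded length would close that gap, e.g. `if (((cmdLen + 3) & ~3) > buf->desc_list->buf_size) {`, or a comment should state that `buf_size` is always word-aligned. It is also worth confirming that the `ERR` path, which is not visible here, resets `cmdLen` and the receive state; if `cmdLen` persists across calls, an over-limit value left in place would cause every later command to be dropped as well. The function body starts and ends outside the hunk.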