projects / open-ath9k-htc-firmware.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
k2_fw_usb_api: prevent buffer overflow.
[open-ath9k-htc-firmware.git] / target_firmware / magpie_fw_dev / target / hif / k2_fw_usb_api.c
diff --git a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
index b8adbf43600c018df60ac93c4b48c2a8939a8553..0be8a8744ed0f89d5c11cd9085e33b7eea17efa8 100755 (executable)
--- a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
+++ b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c
@@ -452,6 +452,11 @@ void vUsb_Reg_Out_patch(void)
     
     // accumulate the size
     cmdLen += usbfifolen;
+    if (cmdLen > buf->desc_list->buf_size) {
+        A_PRINTF("Data length on EP4 FIFO is bigger as allocated buffer data!"
+                 " Drop it!\n");
+        goto ERR;
+    }
     
     // round it to alignment
     if(usbfifolen % 4)
The firmware for QCA AR7010/AR9271 802.11n USB NICs