From: Oleksij Rempel Date: Thu, 18 Jul 2013 14:44:46 +0000 (+0200) Subject: k2_fw_usb_api: prevent buffer overflow. X-Git-Tag: 1.4.0~11^2~7 X-Git-Url: https://jxself.org/git/?p=open-ath9k-htc-firmware.git;a=commitdiff_plain;h=e3e96797ec020bba955ae59e173044987e5d4806 k2_fw_usb_api: prevent buffer overflow. This was reproduced on an Intel USB 3.0 controller. After getting a corrupt packet we were jumping beyond the allocated buffer. Instead of oopsing we can at least warn here. Signed-off-by: Oleksij Rempel --- diff --git a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c index b8adbf4..0be8a87 100755 --- a/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c +++ b/target_firmware/magpie_fw_dev/target/hif/k2_fw_usb_api.c @@ -452,6 +452,11 @@ void vUsb_Reg_Out_patch(void) // accumulate the size cmdLen += usbfifolen; + if (cmdLen > buf->desc_list->buf_size) { + A_PRINTF("Data length on EP4 FIFO is bigger as allocated buffer data!" + " Drop it!\n"); + goto ERR; + } // round it to alignment if(usbfifolen % 4)
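Review bot: the bounds check `if (cmdLen > buf->desc_list->buf_size)` runs before the alignment step that follows it (`// round it to alignment`, `if(usbfifolen % 4)`), so it validates the unrounded length. If the FIFO read further down copies the rounded-up usbfifolen, a packet that ends within three bytes of buf_size passes this check and can still write past the buffer; consider comparing after the rounding, or against the rounded total. cmdLen has already been incremented by the time the code jumps to ERR, so please confirm the ERR path resets it, otherwise the next transfer starts from a stale count. The warning would also be easier to act on if it printed cmdLen and buf_size, and "bigger as" should read "bigger than".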