[patch] Staging: ozwpan: prevent bogus dereference

Dan Carpenter dan.carpenter at oracle.com
Fri Mar 2 06:59:55 UTC 2012


app_id comes from the network and can't be trusted.  If it's zero then
it will lead to a kernel crash.

Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>

diff --git a/drivers/staging/ozwpan/ozpd.c b/drivers/staging/ozwpan/ozpd.c
index 8c460f0..e3381ad 100644
--- a/drivers/staging/ozwpan/ozpd.c
+++ b/drivers/staging/ozwpan/ozpd.c
@@ -806,7 +806,7 @@ void oz_apps_term(void)
 void oz_handle_app_elt(struct oz_pd *pd, u8 app_id, struct oz_elt *elt)
 {
 	struct oz_app_if *ai;
-	if (app_id > OZ_APPID_MAX)
+	if (app_id == 0 || app_id > OZ_APPID_MAX)
 		return;
 	ai = &g_app_if[app_id-1];
 	ai->rx(pd, elt);



More information about the devel mailing list