[patch] Staging: ozwpan: prevent bogus dereference

Chris Kelly ckelly at ozmodevices.com
Fri Mar 2 16:32:47 UTC 2012


Dan Carpenter wrote:

> app_id comes from the network and can't be trusted.  If it's zero then it will lead to a kernel crash.

> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>

Acked-by: Chris Kelly <ckelly at ozmodevices.com>

Many thanks
Chris

> diff --git a/drivers/staging/ozwpan/ozpd.c b/drivers/staging/ozwpan/ozpd.c index 8c460f0..e3381ad 100644
> --- a/drivers/staging/ozwpan/ozpd.c
>+++ b/drivers/staging/ozwpan/ozpd.c
> @@ -806,7 +806,7 @@ void oz_apps_term(void)  void oz_handle_app_elt(struct oz_pd *pd, u8 app_id, struct > > oz_elt *elt)  {
> 	struct oz_app_if *ai;
>-	if (app_id > OZ_APPID_MAX)
>+	if (app_id == 0 || app_id > OZ_APPID_MAX)
> 		return;
> 	ai = &g_app_if[app_id-1];
> 	ai->rx(pd, elt);





More information about the devel mailing list