From 78f857f265241dfa6f343d75b45e8b30935f71df Mon Sep 17 00:00:00 2001 From: Nathan Williams Date: Wed, 25 Mar 2009 20:33:42 +1100 Subject: solos: Check for rogue received packets Sometimes there can be received packets with the size field set to 0xFFFF. This seems to only occur after an FPGA or firmware upgrade. This patch discards packets with an invalid size. Signed-off-by: Nathan Williams Signed-off-by: David Woodhouse --- drivers/atm/solos-pci.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c index bfef8d25581..6c828347c9c 100644 --- a/drivers/atm/solos-pci.c +++ b/drivers/atm/solos-pci.c @@ -671,6 +671,10 @@ void solos_bh(unsigned long card_arg) memcpy_fromio(header, RX_BUF(card, port), sizeof(*header)); size = le16_to_cpu(header->size); + if (size > (card->buffer_size - sizeof(*header))){ + dev_warn(&card->dev->dev, "Invalid buffer size\n"); + continue; + } skb = alloc_skb(size + 1, GFP_ATOMIC); if (!skb) { -- cgit v1.2.3-18-g5258