iwlwifi: pnvm: read EFI data only if long enough

If the data we get from EFI is not even long enough for the package struct we expect then ignore it entirely. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Fixes: a1a6a4cf ("iwlwifi: pnvm: implement reading PNVM from UEFI") Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/iwlwifi.20211016114029.33feba783518.I54a5cf33975d0330792b3d208b225d479e168f32@changeid

iwlwifi: pnvm: read EFI data only if long enough
If the data we get from EFI is not even long enough for the package struct we expect then ignore it entirely. Signed-off-by: Johannes Berg <johannes.berg@intel.com> Fixes: a1a6a4cf ("iwlwifi: pnvm: implement reading PNVM from UEFI") Signed-off-by: Luca Coelho <luciano.coelho@intel.com> Signed-off-by: Kalle Valo <kvalo@codeaurora.org> Link: https://lore.kernel.org/r/iwlwifi.20211016114029.33feba783518.I54a5cf33975d0330792b3d208b225d479e168f32@changeid
e864a77f · Johannes Berg · Kalle Valo · 0f892441 · e864a77f
Commit e864a77f authored Oct 16, 2021 by Johannes Berg Committed by Kalle Valo Oct 20, 2021
Hide whitespace changes
Inline Side-by-side

Showing with 7 additions and 3 deletions

drivers/net/wireless/intel/iwlwifi/fw/pnvm.c drivers/net/wireless/intel/iwlwifi/fw/pnvm.c +7 -3

No files found.
--- a/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
+++ b/drivers/net/wireless/intel/iwlwifi/fw/pnvm.c
@@ -284,9 +284,13 @@ int iwl_pnvm_load(struct iwl_trans *trans,
 	/* First attempt to get the PNVM from BIOS */
 	package = iwl_uefi_get_pnvm(trans, &len);
 	if (!IS_ERR_OR_NULL(package)) {
-		/* we need only the data */
-		len -= sizeof(*package);
-		data = kmemdup(package->data, len, GFP_KERNEL);
+		if (len >= sizeof(*package)) {
+			/* we need only the data */
+			len -= sizeof(*package);
+			data = kmemdup(package->data, len, GFP_KERNEL);
+		} else {
+			data = NULL;
+		}

 		/* free package regardless of whether kmemdup succeeded */
 		kfree(package);