From: Stefan Richter Date: Sun, 4 Jan 2009 15:23:29 +0000 (+0100) Subject: firewire: cdev: extend transaction payload size check X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=5d3fd692a7196a9045fb606f891f5987959b65a0;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git firewire: cdev: extend transaction payload size check Make the size check of ioctl_send_request and ioctl_send_broadcast_request speed dependent. Also change the error return code from -EINVAL to -EIO to distinguish this from other errors concerning the ioctl parameters. Another payload size limit for which we don't check here though is the remote node's Bus_Info_Block.max_rec. Signed-off-by: Stefan Richter --- diff --git a/drivers/firewire/fw-cdev.c b/drivers/firewire/fw-cdev.c index d48fa1c23a77..6b33f15584cb 100644 --- a/drivers/firewire/fw-cdev.c +++ b/drivers/firewire/fw-cdev.c @@ -525,9 +525,8 @@ static int init_request(struct client *client, struct outbound_transaction_event *e; int ret; - /* What is the biggest size we'll accept, really? */ - if (request->length > 4096) - return -EINVAL; + if (request->length > 4096 || request->length > 512 << speed) + return -EIO; e = kmalloc(sizeof(*e) + request->length, GFP_KERNEL); if (e == NULL)