solos: Check for rogue received packets

Sometimes there can be received packets with the size field set to 0xFFFF. This seems to only occur after an FPGA or firmware upgrade. This patch discards packets with an invalid size. Signed-off-by: Nathan Williams <nathan@traverse.com.au> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
author: Nathan Williams <nathan@traverse.com.au> 2009-03-25 20:33:42 +1100
committer: David Woodhouse <David.Woodhouse@intel.com> 2009-03-25 11:17:49 +0000
commit: 78f857f265241dfa6f343d75b45e8b30935f71df (patch)
tree: 03795e32b4fdc4b484d17abd14d2ba736510c979 /drivers/atm
parent: solos: support new FPGA RAM layout (diff)
download: linux-dev-78f857f265241dfa6f343d75b45e8b30935f71df.tar.xz
linux-dev-78f857f265241dfa6f343d75b45e8b30935f71df.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
index bfef8d255811..6c828347c9cc 100644
--- a/drivers/atm/solos-pci.c
+++ b/drivers/atm/solos-pci.c
@@ -671,6 +671,10 @@ void solos_bh(unsigned long card_arg)
 				memcpy_fromio(header, RX_BUF(card, port), sizeof(*header));
 
 				size = le16_to_cpu(header->size);
+				if (size > (card->buffer_size - sizeof(*header))){
+					dev_warn(&card->dev->dev, "Invalid buffer size\n");
+					continue;
+				}
 
 				skb = alloc_skb(size + 1, GFP_ATOMIC);
 				if (!skb) {
author	Nathan Williams <nathan@traverse.com.au>	2009-03-25 20:33:42 +1100
committer	David Woodhouse <David.Woodhouse@intel.com>	2009-03-25 11:17:49 +0000
commit	78f857f265241dfa6f343d75b45e8b30935f71df (patch)
tree	03795e32b4fdc4b484d17abd14d2ba736510c979 /drivers/atm
parent	solos: support new FPGA RAM layout (diff)
download	linux-dev-78f857f265241dfa6f343d75b45e8b30935f71df.tar.xz linux-dev-78f857f265241dfa6f343d75b45e8b30935f71df.zip