| Message ID | iwlwifi.20210117164916.5184dfc2a445.I0631d2e4f6ffb93cf06618edb035c45bd6d1d7b9@changeid |
|---|---|
| State | New |
| Headers | show |
| Series | iwlwifi: updates intended for v5.12 2021-01-17 part 2 | expand |
diff --git a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c index 231c3489cc31..3834d7197e11 100644 --- a/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c +++ b/drivers/net/wireless/intel/iwlwifi/mvm/debugfs.c @@ -1169,9 +1169,9 @@ static ssize_t iwl_dbgfs_inject_packet_write(struct iwl_mvm *mvm, if (ret) goto out; - /* avoid invalid memory access */ + /* avoid invalid memory access and malformed packet */ if (bin_len < sizeof(*pkt) || - bin_len < sizeof(*pkt) + iwl_rx_packet_payload_len(pkt)) + bin_len != sizeof(*pkt) + iwl_rx_packet_payload_len(pkt)) goto out; local_bh_disable();