watchdog: ziirave_wdt: check record length in ziirave_firm_verify()

author Dan Carpenter <dan.carpenter@linaro.org>

Wed, 28 May 2025 20:22:19 +0000 (23:22 +0300)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Fri, 15 Aug 2025 10:08:55 +0000 (12:08 +0200)
author Dan Carpenter <dan.carpenter@linaro.org>
Wed, 28 May 2025 20:22:19 +0000 (23:22 +0300)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 15 Aug 2025 10:08:55 +0000 (12:08 +0200)
diff --git a/drivers/watchdog/ziirave_wdt.c b/drivers/watchdog/ziirave_wdt.c

index 5ed33df68e9aba4ff67de423d7a6ab0be2b5eaa7..e611d60316c683c51bcb5cb80eaaec59250c68f4 100644 (file)
--- a/drivers/watchdog/ziirave_wdt.c
+++ b/drivers/watchdog/ziirave_wdt.c
@@ -302,6 +302,9 @@ static int ziirave_firm_verify(struct watchdog_device *wdd,
                 const u16 len = be16_to_cpu(rec->len);
                 const u32 addr = be32_to_cpu(rec->addr);
  
+               if (len > sizeof(data))
+                       return -EINVAL;
+
                 if (ziirave_firm_addr_readonly(addr))
                         continue;
author	Dan Carpenter <dan.carpenter@linaro.org>
	Wed, 28 May 2025 20:22:19 +0000 (23:22 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 15 Aug 2025 10:08:55 +0000 (12:08 +0200)