watchdog: ziirave_wdt: check record length in ziirave_firm_verify()

author Dan Carpenter <dan.carpenter@linaro.org>

Wed, 28 May 2025 20:22:19 +0000 (23:22 +0300)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Thu, 28 Aug 2025 14:22:34 +0000 (16:22 +0200)
author Dan Carpenter <dan.carpenter@linaro.org>
Wed, 28 May 2025 20:22:19 +0000 (23:22 +0300)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 28 Aug 2025 14:22:34 +0000 (16:22 +0200)
diff --git a/drivers/watchdog/ziirave_wdt.c b/drivers/watchdog/ziirave_wdt.c

index cab86a08456bcd3c13bb3e2663ae2facd2221d85..3cfab859e5074d43c585bb6d143cafb78df3c656 100644 (file)
--- a/drivers/watchdog/ziirave_wdt.c
+++ b/drivers/watchdog/ziirave_wdt.c
@@ -306,6 +306,9 @@ static int ziirave_firm_verify(struct watchdog_device *wdd,
                 const u16 len = be16_to_cpu(rec->len);
                 const u32 addr = be32_to_cpu(rec->addr);
  
+               if (len > sizeof(data))
+                       return -EINVAL;
+
                 if (ziirave_firm_addr_readonly(addr))
                         continue;
author	Dan Carpenter <dan.carpenter@linaro.org>
	Wed, 28 May 2025 20:22:19 +0000 (23:22 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 28 Aug 2025 14:22:34 +0000 (16:22 +0200)