solos: Check for rogue received packets

Sometimes there can be received packets with the size field set to 0xFFFF. This seems to only occur after an FPGA or firmware upgrade. This patch discards packets with an invalid size. Signed-off-by: Nathan Williams <nathan@traverse.com.au> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>
2009-03-25 20:33:42 +11:00 · 2009-03-25 20:33:42 +11:00 · 78f857f265
commit 78f857f265
parent 4dbedf43d2
1 changed files with 4 additions and 0 deletions
--- a/drivers/atm/solos-pci.c
+++ b/drivers/atm/solos-pci.c
@ -671,6 +671,10 @@ void solos_bh(unsigned long card_arg)
 				memcpy_fromio(header, RX_BUF(card, port), sizeof(*header));

 				size = le16_to_cpu(header->size);
+				if (size > (card->buffer_size - sizeof(*header))){
+					dev_warn(&card->dev->dev, "Invalid buffer size\n");
+					continue;
+				}

 				skb = alloc_skb(size + 1, GFP_ATOMIC);
 				if (!skb) {