solos: Check for rogue received packets Sometimes there can be received packets with the size field set to 0xFFFF. This seems to only occur after an FPGA or firmware upgrade. This patch discards packets with an invalid size. Signed-off-by: Nathan Williams <nathan@traverse.com.au> Signed-off-by: David Woodhouse <David.Woodhouse@intel.com>

commit: 78f857f265241dfa6f343d75b45e8b30935f71df [log] [tgz]
author: Nathan Williams <nathan@traverse.com.au> Wed Mar 25 20:33:42 2009 +1100
committer: David Woodhouse <David.Woodhouse@intel.com> Wed Mar 25 11:17:49 2009 +0000
tree: 03795e32b4fdc4b484d17abd14d2ba736510c979
parent: 4dbedf43d26276f6d7c8c3146d0a5b2f0309d968 [diff] [blame]
diff --git a/drivers/atm/solos-pci.c b/drivers/atm/solos-pci.c
index bfef8d2..6c82834 100644
--- a/drivers/atm/solos-pci.c
+++ b/drivers/atm/solos-pci.c

@@ -671,6 +671,10 @@
 				memcpy_fromio(header, RX_BUF(card, port), sizeof(*header));
 
 				size = le16_to_cpu(header->size);
+				if (size > (card->buffer_size - sizeof(*header))){
+					dev_warn(&card->dev->dev, "Invalid buffer size\n");
+					continue;
+				}
 
 				skb = alloc_skb(size + 1, GFP_ATOMIC);
 				if (!skb) {
commit	78f857f265241dfa6f343d75b45e8b30935f71df	[log] [tgz]
author	Nathan Williams <nathan@traverse.com.au>	Wed Mar 25 20:33:42 2009 +1100
committer	David Woodhouse <David.Woodhouse@intel.com>	Wed Mar 25 11:17:49 2009 +0000
tree	03795e32b4fdc4b484d17abd14d2ba736510c979
parent	4dbedf43d26276f6d7c8c3146d0a5b2f0309d968 [diff] [blame]