authorHeiner Kallweit <hkallweit1@gmail.com>2017-11-24 07:47:50 +0100
committerBartosz Golaszewski <brgl@bgdev.pl>2017-11-29 16:05:37 +0100
commitd9bcd462daf34aebb8de9ad7f76de0198bb5a0f0 (patch)
treeb80337dac5851c6c59cfddd321e3b447277fdec1
parenteeprom: at24: fix reading from 24MAC402/24MAC602 (diff)
eeprom: at24: check at24_read/write arguments
So far we completely rely on the caller to provide valid arguments. To be on the safe side, perform our own sanity check. Cc: stable@vger.kernel.org Signed-off-by: Heiner Kallweit <hkallweit1@gmail.com> Signed-off-by: Bartosz Golaszewski <brgl@bgdev.pl>
-rw-r--r--drivers/misc/eeprom/at24.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/drivers/misc/eeprom/at24.c b/drivers/misc/eeprom/at24.c
index 8ca6772b3baf..305a7a464d09 100644
--- a/drivers/misc/eeprom/at24.c
+++ b/drivers/misc/eeprom/at24.c
@@ -569,6 +569,9 @@ static int at24_read(void *priv, unsigned int off, void *val, size_t count)
if (unlikely(!count))
return count;
+ if (off + count > at24->chip.byte_len)
+ return -EINVAL;
+
client = at24_translate_offset(at24, &off);
ret = pm_runtime_get_sync(&client->dev);
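Review bot: The sum in the added check `if (off + count > at24->chip.byte_len)` in at24_read can wrap, and a wrapped sum lets an out-of-range request pass the guard. `off` is `unsigned int` and `count` is `size_t`, so on a build where `size_t` is 32 bits a large `count` can wrap the addition to a small value. On 64-bit builds this needs a `count` close to SIZE_MAX, so it is mainly a 32-bit concern. A form that cannot overflow is `if (off > at24->chip.byte_len || count > at24->chip.byte_len - off)` followed by `return -EINVAL;`, assuming `byte_len` is an unsigned type (its declaration is not visible here). The identical check added to at24_write in the second hunk needs the same change; both function bodies start and end outside the hunks.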
@@ -614,6 +617,9 @@ static int at24_write(void *priv, unsigned int off, void *val, size_t count)
if (unlikely(!count))
return -EINVAL;
+ if (off + count > at24->chip.byte_len)
+ return -EINVAL;
+
client = at24_translate_offset(at24, &off);
ret = pm_runtime_get_sync(&client->dev);