app_id comes from the network and can't be trusted. If it's zero then it will lead to a kernel crash.
Signed-off-by: Dan Carpenter <[email protected]> diff --git a/drivers/staging/ozwpan/ozpd.c b/drivers/staging/ozwpan/ozpd.c index 8c460f0..e3381ad 100644 --- a/drivers/staging/ozwpan/ozpd.c +++ b/drivers/staging/ozwpan/ozpd.c @@ -806,7 +806,7 @@ void oz_apps_term(void) void oz_handle_app_elt(struct oz_pd *pd, u8 app_id, struct oz_elt *elt) { struct oz_app_if *ai; - if (app_id > OZ_APPID_MAX) + if (app_id == 0 || app_id > OZ_APPID_MAX) return; ai = &g_app_if[app_id-1]; ai->rx(pd, elt); _______________________________________________ devel mailing list [email protected] http://driverdev.linuxdriverproject.org/mailman/listinfo/devel
