mirror of
https://github.com/AsahiLinux/u-boot
synced 2024-12-01 08:59:33 +00:00
virtio: rng: Check length before copying
Check the length of data written by the device is consistent with the size of the buffers to avoid out-of-bounds memory accesses in case values aren't consistent. Signed-off-by: Andrew Scull <ascull@google.com> Cc: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
parent
420b3e51f4
commit
43937a4f5e
1 changed files with 3 additions and 0 deletions
|
@ -41,6 +41,9 @@ static int virtio_rng_read(struct udevice *dev, void *data, size_t len)
|
|||
while (!virtqueue_get_buf(priv->rng_vq, &rsize))
|
||||
;
|
||||
|
||||
if (rsize > sg.length)
|
||||
return -EIO;
|
||||
|
||||
memcpy(ptr, buf, rsize);
|
||||
len -= rsize;
|
||||
ptr += rsize;
|
||||
|
|
Loading…
Reference in a new issue