Return-path: Received: from mail-bw0-f161.google.com ([209.85.218.161]:60242 "EHLO mail-bw0-f161.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1754737AbZBTAAC (ORCPT ); Thu, 19 Feb 2009 19:00:02 -0500 Received: by bwz5 with SMTP id 5so1892042bwz.13 for ; Thu, 19 Feb 2009 16:00:00 -0800 (PST) From: David Kilroy To: linux-wireless@vger.kernel.org, orinoco-devel@lists.sourceforge.net Cc: David Kilroy Subject: [PATCH 0/2] orinoco: improve robustness of firmware load Date: Thu, 19 Feb 2009 23:46:25 +0000 Message-Id: <1235087187-23425-1-git-send-email-kilroyd@googlemail.com> (sfid-20090220_010011_199990_C3DE4A09) Sender: linux-wireless-owner@vger.kernel.org List-ID: We don't currently do any verification of the firmware that we attempt to load, and it is possible to cause a kernel oops. For example, see This series introduces a few nominal checks to reject files which are incorrectly formatted, and then makes sure that we do not attempt to read data outside the firmware. It is still possible to load a duff firmware. However it shouldn't be possible to cause any permanent damage. Hopefully it can't oops either. Signed-off-by: David Kilroy --- David Kilroy (2): orinoco: validate firmware header orinoco: prevent accessing memory outside the firmware image drivers/net/wireless/orinoco/fw.c | 55 ++++++++++++++++- drivers/net/wireless/orinoco/hermes_dld.c | 89 +++++++++++++++-------------- drivers/net/wireless/orinoco/hermes_dld.h | 10 ++- 3 files changed, 103 insertions(+), 51 deletions(-)