michaelh/zephyr
1
0
Fork 0
Code Releases Activity

espi: mchp_xec: Fix possible buffer overflow

Browse source 
Check the packet lenght in flash_write operation before
copying it to an internal buffer.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
This commit is contained in:
Flavio Ceolin 2023-08-06 23:29:22 -07:00 committed by Martí Bolívar
commit 4102179f3f
1 changed files with 5 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
drivers/espi/espi_mchp_xec.c
View file

@ -647,6 +647,11 @@ static int espi_xec_flash_write(const struct device *dev,
LOG_DBG("%s", __func__); LOG_DBG("%s", __func__);
if (sizeof(target_mem) < pckt->len) {
LOG_ERR("Packet length is too big");
return -ENOMEM;
}
if (!(ESPI_FC_REGS->STS & MCHP_ESPI_FC_STS_CHAN_EN)) { if (!(ESPI_FC_REGS->STS & MCHP_ESPI_FC_STS_CHAN_EN)) {
LOG_ERR("Flash channel is disabled"); LOG_ERR("Flash channel is disabled");
return -EIO; return -EIO;