diff options
| author | Kees Cook <keescook@chromium.org> | 2023-02-02 18:43:28 +0000 |
|---|---|---|
| committer | Kees Cook <keescook@chromium.org> | 2023-02-02 18:43:28 +0000 |
| commit | 5c0f220e1b2d349b6241375e19887b5c865a84a1 (patch) | |
| tree | e6f473fcc9d2b7929276408a39b46b3c7452a337 /drivers/firmware/google/coreboot_table.c | |
| parent | 5a6b64adc18d9adfb497a529ff004d59b6df151f (diff) | |
| parent | be0d8f48ad97f5b775b0af3310343f676dbf318a (diff) | |
| download | linux-stable-5c0f220e1b2d349b6241375e19887b5c865a84a1.tar.gz linux-stable-5c0f220e1b2d349b6241375e19887b5c865a84a1.tar.bz2 linux-stable-5c0f220e1b2d349b6241375e19887b5c865a84a1.zip | |
Merge branch 'for-linus/hardening' into for-next/hardening
Diffstat (limited to 'drivers/firmware/google/coreboot_table.c')
| -rw-r--r-- | drivers/firmware/google/coreboot_table.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/drivers/firmware/google/coreboot_table.c b/drivers/firmware/google/coreboot_table.c index 2652c396c423..33ae94745aef 100644 --- a/drivers/firmware/google/coreboot_table.c +++ b/drivers/firmware/google/coreboot_table.c @@ -93,14 +93,19 @@ static int coreboot_table_populate(struct device *dev, void *ptr) for (i = 0; i < header->table_entries; i++) { entry = ptr_entry; - device = kzalloc(sizeof(struct device) + entry->size, GFP_KERNEL); + if (entry->size < sizeof(*entry)) { + dev_warn(dev, "coreboot table entry too small!\n"); + return -EINVAL; + } + + device = kzalloc(sizeof(device->dev) + entry->size, GFP_KERNEL); if (!device) return -ENOMEM; device->dev.parent = dev; device->dev.bus = &coreboot_bus_type; device->dev.release = coreboot_device_release; - memcpy(&device->entry, ptr_entry, entry->size); + memcpy(device->raw, ptr_entry, entry->size); switch (device->entry.tag) { case LB_TAG_CBMEM_ENTRY: |