[patch 077/232] sdio: fix read buffer overflow
Jonathan Cameron
jic23 at cam.ac.uk
Thu Oct 1 06:08:04 EDT 2009
Hi All,
This patch is causing a regression with libertas 8686.
It's only finding 3 strings which I'm guessing means
it is an invalid CISTPL_VERS_1. Unfortunately the libertas_sdio
code relies on a string in one of them to tell it what model of
card we have.
Can someone confirm what the CIS_VERS_1 spec actually is?
I've found one vague reference to entries 3 and 4 being optional
but the simplified sdio spec refers to the pcmcia 3.2.10 spec
which I don't have easy access to.
Any suggestions on a work around?
Thanks,
Jonathan
> From: Roel Kluin <roel.kluin at gmail.com>
>
> Avoid buffer underrun when parsing an invalid CISTPL_VERS_1.
>
> Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
> Cc: David Vrabel <david.vrabel at csr.com>
> Cc: <linux-mmc at vger.kernel.org>
> Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
> ---
>
> drivers/mmc/core/sdio_cis.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff -puN drivers/mmc/core/sdio_cis.c~sdio-fix-read-buffer-overflow drivers/mmc/core/sdio_cis.c
> --- a/drivers/mmc/core/sdio_cis.c~sdio-fix-read-buffer-overflow
> +++ a/drivers/mmc/core/sdio_cis.c
> @@ -40,7 +40,7 @@ static int cistpl_vers_1(struct mmc_card
> nr_strings++;
> }
>
> - if (buf[i-1] != '\0') {
> + if (nr_strings < 4) {
> printk(KERN_WARNING "SDIO: ignoring broken CISTPL_VERS_1\n");
> return 0;
> }
> _
> --
> To unsubscribe from this list: send the line "unsubscribe linux-mmc" in
> the body of a message to majordomo at vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
More information about the libertas-dev
mailing list