bus: mhi: Fix potential out-of-bound access

In mhi_sat_isvalid_header function if the length is less than the size of header then there can be out-of-bound access. So fix the len check in the function. Change-Id: I80f1556557b1bf2f30c07f6377bd6e3db48712b3 Signed-off-by: Krishna chaitanya chundru <quic_krichai@quicinc.com> (cherry picked from commit d7601393dce0e11ab823fe530e8d5f2277b5fdc0)
2023-06-16 10:27:03 +05:30 · 2023-06-16 10:27:03 +05:30 · 6df00291cb
commit 6df00291cb
parent fad511703f
1 changed files with 2 additions and 1 deletions
--- a/drivers/bus/mhi/devices/mhi_satellite.c
+++ b/drivers/bus/mhi/devices/mhi_satellite.c
@ -357,7 +357,8 @@ static struct mhi_sat_device *find_sat_dev_by_id(
 static bool mhi_sat_isvalid_header(struct sat_header *hdr, int len)
 {
 	/* validate payload size */
-	if (len >= sizeof(*hdr) && (len != hdr->payload_size + sizeof(*hdr)))
+	if ((len < sizeof(*hdr)) ||
+		(len >= sizeof(*hdr) && (len != hdr->payload_size + sizeof(*hdr))))
 		return false;

 	/* validate SAT IPC version */