projects / linux-flexiantxendom0-3.2.10.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
- patches.apparmor/remove_suid_new_case_in_2.6.22.diff: Merge fix.
[linux-flexiantxendom0-3.2.10.git] / drivers / ieee1394 / raw1394.c
diff --git a/drivers/ieee1394/raw1394.c b/drivers/ieee1394/raw1394.c
index bb897a3..d382500 100644 (file)
--- a/drivers/ieee1394/raw1394.c
+++ b/drivers/ieee1394/raw1394.c
@@ -35,7 +35,6 @@
 #include <linux/poll.h>
 #include <linux/module.h>
 #include <linux/init.h>
-#include <linux/smp_lock.h>
 #include <linux/interrupt.h>
 #include <linux/vmalloc.h>
 #include <linux/cdev.h>
@@ -938,7 +937,8 @@ static int handle_async_send(struct file_info *fi, struct pending_request *req)
        int header_length = req->req.misc & 0xffff;
        int expect_response = req->req.misc >> 16;
 
-       if ((header_length > req->req.length) || (header_length < 12)) {
+       if (header_length > req->req.length || header_length < 12 ||
+           header_length > FIELD_SIZEOF(struct hpsb_packet, header)) {
                req->req.error = RAW1394_ERROR_INVALID_ARG;
                req->req.length = 0;
                queue_complete_req(req);
Port of xen3.3 xenlinux code to Ubuntu packaged SUSE kernel (3.2.10)