[LEDE-DEV] [PATCH] kernel: owl-loader: fix EEPROM size validation for 4KiB EEPROMs

Martin Blumenstingl martin.blumenstingl at googlemail.com
Sun Oct 2 16:06:18 PDT 2016


The validation of the received EEPROM data uses struct firmware's size
field, which contains the size in bytes. ath9k_platform_data's
eeprom_data field however is a u16 array with 2048 elements.
Using a simple sizeof(pdata->eeprom_data) returns the array size (2048
in our case). The actual maximum size however is 2048 * sizeof(u16), or
in other words 4096 bytes (the kernel's FIELD_SIZEOF macro does the
same calculation, but is easier to read).

Signed-off-by: Martin Blumenstingl <martin.blumenstingl at googlemail.com>
---
 target/linux/generic/files/drivers/misc/owl-loader.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/target/linux/generic/files/drivers/misc/owl-loader.c b/target/linux/generic/files/drivers/misc/owl-loader.c
index 30340da..6cc8e40 100644
--- a/target/linux/generic/files/drivers/misc/owl-loader.c
+++ b/target/linux/generic/files/drivers/misc/owl-loader.c
@@ -32,6 +32,9 @@ struct owl_ctx {
 
 #define EEPROM_FILENAME_LEN 100
 
+#define MAX_EEPROM_SIZE FIELD_SIZEOF(struct ath9k_platform_data, eeprom_data)
+#define MIN_EEPROM_SIZE 512
+
 #define AR5416_EEPROM_MAGIC 0xa55a
 
 static int ath9k_pci_fixup(struct pci_dev *pdev, const u16 *cal_data,
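Review bot: MAX_EEPROM_SIZE is built on FIELD_SIZEOF(struct ath9k_platform_data, eeprom_data), which expands to sizeof applied to that member, so if eeprom_data is declared as an in-struct u16 array (as the commit message describes) it yields the same byte count as the sizeof(pdata->eeprom_data) expression it replaces in owl_fw_cb. Please check the upper bound against the struct declaration to confirm it actually changes, and add a one-line comment on both defines stating that they are byte counts, since the surrounding code operates on u16 words.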
@@ -124,7 +127,7 @@ static void owl_fw_cb(const struct firmware *fw, void *context)
 	}
 
 	/* also note that we are doing *u16 operations on the file */
-	if (fw->size > sizeof(pdata->eeprom_data) || fw->size < 0x200 ||
+	if (fw->size > MAX_EEPROM_SIZE || fw->size < MIN_EEPROM_SIZE ||
 	    (fw->size & 1) == 1) {
 		dev_err(&pdev->dev, "eeprom file has an invalid size.\n");
 		goto release;
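Review bot: the dev_err() under the size check still prints only "eeprom file has an invalid size." with no value, so someone reading the log cannot tell whether the file was rejected as too large, too small or odd-length. Consider printing fw->size alongside MIN_EEPROM_SIZE and MAX_EEPROM_SIZE, using %zu since fw->size is a size_t.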
-- 
2.10.0



