[PATCH 1/5] mtd: block2mtd: Check for valid user supplied erase size

Pali Rohár pali.rohar at gmail.com
Fri Jun 2 08:43:38 PDT 2017


Erase size is limited to a 32-bit unsigned integer, but the value parsed from
the user is limited up to the size_t C type.

Signed-off-by: Pali Rohár <pali.rohar at gmail.com>
---
 drivers/mtd/devices/block2mtd.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/mtd/devices/block2mtd.c b/drivers/mtd/devices/block2mtd.c
index 7c887f1..ee47cdd 100644
--- a/drivers/mtd/devices/block2mtd.c
+++ b/drivers/mtd/devices/block2mtd.c
@@ -419,7 +419,7 @@ static int block2mtd_setup2(const char *val)
 
 	if (token[1]) {
 		ret = parse_num(&erase_size, token[1]);
-		if (ret) {
+		if (ret || erase_size > U32_MAX) {
 			pr_err("illegal erase size\n");
 			return 0;
 		}
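Review bot: The new condition `if (ret || erase_size > U32_MAX)` only bounds the value from above, so an erase size of 0 still passes this check; unless a later step rejects it, consider refusing it here as well, since the same user-supplied string is being validated at this point. The parse failure and the range failure also share the single message "illegal erase size", which gives the user no hint that the value was well-formed but too large; a separate pr_err stating the 32-bit limit would make the rejection easier to diagnose. If erase_size is a size_t, as the commit message says, the comparison can never be true on builds where size_t is 32 bits wide, which is harmless but may draw a type-limits warning from the compiler. The commit message would be stronger if it said what happens to an oversized value without this check.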
-- 
1.7.9.5



