summaryrefslogtreecommitdiff
path: root/dhd_msgbuf.c
diff options
context:
space:
mode:
Diffstat (limited to 'dhd_msgbuf.c')
-rw-r--r--dhd_msgbuf.c11
1 files changed, 7 insertions, 4 deletions
diff --git a/dhd_msgbuf.c b/dhd_msgbuf.c
index ecbdd10..6d42469 100644
--- a/dhd_msgbuf.c
+++ b/dhd_msgbuf.c
@@ -12483,10 +12483,13 @@ dhd_fillup_ioct_reqst(dhd_pub_t *dhd, uint16 len, uint cmd, void* buf, int ifidx
rqstlen = len;
resplen = len;
- /* Limit ioct request to MSGBUF_MAX_MSG_SIZE bytes including hdrs */
- /* 8K allocation of dongle buffer fails */
- /* dhd doesnt give separate input & output buf lens */
- /* so making the assumption that input length can never be more than 2k */
+ /* fail 'set' ioctl request if len > MSGBUF_MAX_MSG_SIZE bytes including hdrs */
+ if ((action & WL_IOCTL_ACTION_SET) && (rqstlen > MSGBUF_IOCTL_MAX_RQSTLEN)) {
+ DHD_ERROR(("%s: rqstlen(%u) larger than %u\n", __FUNCTION__, rqstlen,
+ MSGBUF_IOCTL_MAX_RQSTLEN));
+ return BCME_BADLEN;
+ }
+
rqstlen = MIN(rqstlen, MSGBUF_IOCTL_MAX_RQSTLEN);
#ifdef PCIE_INB_DW
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-24 03:48:07 +0000