tcp: enforce tcp_min_snd_mss in tcp_mtu_probing()

[pandora-kernel.git] / drivers / spi / spidev.c

diff --git a/drivers/spi/spidev.c b/drivers/spi/spidev.c
index 830adbe..1556db9 100644 (file)
--- a/drivers/spi/spidev.c
+++ b/drivers/spi/spidev.c
@@ -241,7 +241,10 @@ static int spidev_message(struct spidev_data *spidev,
                k_tmp->len = u_tmp->len;
 
                total += k_tmp->len;
-               if (total > bufsiz) {
+               /* Check total length of transfers.  Also check each
+                * transfer length to avoid arithmetic overflow.
+                */
+               if (total > bufsiz || k_tmp->len > bufsiz) {
                        status = -EMSGSIZE;
                        goto done;
                }