enc28j60: fix RX buffer overflow

author Baruch Siach <baruch@tkos.co.il>

Mon, 5 Jan 2009 00:23:01 +0000 (16:23 -0800)

committer David S. Miller <davem@davemloft.net>

Mon, 5 Jan 2009 00:23:01 +0000 (16:23 -0800)
author Baruch Siach <baruch@tkos.co.il>
Mon, 5 Jan 2009 00:23:01 +0000 (16:23 -0800)
committer David S. Miller <davem@davemloft.net>
Mon, 5 Jan 2009 00:23:01 +0000 (16:23 -0800)
diff --git a/drivers/net/enc28j60.c b/drivers/net/enc28j60.c

index b0ef46c51a9d556069c38ed97d0cdf3086555d6f..cefe1d98f93e91b4b92c0143db1da9b43513fd5a 100644 (file)
--- a/drivers/net/enc28j60.c
+++ b/drivers/net/enc28j60.c
@@ -944,7 +944,7 @@ static void enc28j60_hw_rx(struct net_device *ndev)
         if (netif_msg_rx_status(priv))
                 enc28j60_dump_rsv(priv, __func__, next_packet, len, rxstat);
  
-       if (!RSV_GETBIT(rxstat, RSV_RXOK)) {
+       if (!RSV_GETBIT(rxstat, RSV_RXOK) || len > MAX_FRAMELEN) {
                 if (netif_msg_rx_err(priv))
                         dev_err(&ndev->dev, "Rx Error (%04x)\n", rxstat);
                 ndev->stats.rx_errors++;
@@ -952,6 +952,8 @@ static void enc28j60_hw_rx(struct net_device *ndev)
                         ndev->stats.rx_crc_errors++;
                 if (RSV_GETBIT(rxstat, RSV_LENCHECKERR))
                         ndev->stats.rx_frame_errors++;
+               if (len > MAX_FRAMELEN)
+                       ndev->stats.rx_over_errors++;
         } else {
                 skb = dev_alloc_skb(len + NET_IP_ALIGN);
                 if (!skb) {
author	Baruch Siach <baruch@tkos.co.il>
	Mon, 5 Jan 2009 00:23:01 +0000 (16:23 -0800)
committer	David S. Miller <davem@davemloft.net>
	Mon, 5 Jan 2009 00:23:01 +0000 (16:23 -0800)