From 3a439c696d840b1be77924b4a9be1d8c1231fa25 Mon Sep 17 00:00:00 2001
From: Krishna chaitanya chundru <quic_krichai@quicinc.com>
Date: Fri, 16 Jun 2023 10:27:03 +0530
Subject: [PATCH] bus: mhi: Fix potential out-of-bound access

In mhi_sat_isvalid_header function if the length is less than
the size of header then there can be out-of-bound access.

So fix the len check in the function.

Change-Id: I80f1556557b1bf2f30c07f6377bd6e3db48712b3
Signed-off-by: Krishna chaitanya chundru <quic_krichai@quicinc.com>
---
 drivers/bus/mhi/devices/mhi_satellite.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/drivers/bus/mhi/devices/mhi_satellite.c b/drivers/bus/mhi/devices/mhi_satellite.c
index 7b4d68097b40..c7df2758697c 100644
--- a/drivers/bus/mhi/devices/mhi_satellite.c
+++ b/drivers/bus/mhi/devices/mhi_satellite.c
@@ -358,7 +358,8 @@ static struct mhi_sat_device *find_sat_dev_by_id(
 static bool mhi_sat_isvalid_header(struct sat_header *hdr, int len)
 {
 	/* validate payload size */
-	if (len >= sizeof(*hdr) && (len != hdr->payload_size + sizeof(*hdr)))
+	if ((len < sizeof(*hdr)) ||
+		(len >= sizeof(*hdr) && (len != hdr->payload_size + sizeof(*hdr))))
 		return false;
 
 	/* validate SAT IPC version */