From cc0f713e75371d31eebc54041f1dc5a1e90f047c Mon Sep 17 00:00:00 2001
From: Adrian Bonislawski <adrian.bonislawski@linux.intel.com>
Date: Fri, 5 Jun 2020 10:47:30 +0200
Subject: [PATCH] ipc: header size validation fix

This patch will deny IPC headers with size 0

Signed-off-by: Adrian Bonislawski <adrian.bonislawski@linux.intel.com>
---
 src/ipc/handler.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/ipc/handler.c b/src/ipc/handler.c
index a108ecaea..7c1667544 100644
--- a/src/ipc/handler.c
+++ b/src/ipc/handler.c
@@ -122,8 +122,8 @@ struct sof_ipc_cmd_hdr *mailbox_validate(void)
 	mailbox_hostbox_read(hdr, SOF_IPC_MSG_MAX_SIZE, 0, sizeof(*hdr));
 
 	/* validate component header */
-	if (hdr->size > SOF_IPC_MSG_MAX_SIZE) {
-		tr_err(&ipc_tr, "ipc: msg too big at 0x%x", hdr->size);
+	if (hdr->size < sizeof(*hdr) || hdr->size > SOF_IPC_MSG_MAX_SIZE) {
+		tr_err(&ipc_tr, "ipc: invalid size 0x%x", hdr->size);
 		return NULL;
 	}