From 4102179f3f64704c05aaabddc4e01ea0a60d9994 Mon Sep 17 00:00:00 2001
From: Flavio Ceolin <flavio.ceolin@intel.com>
Date: Sun, 6 Aug 2023 23:29:22 -0700
Subject: [PATCH] espi: mchp_xec: Fix possible buffer overflow

Check the packet lenght in flash_write operation before
copying it to an internal buffer.

Signed-off-by: Flavio Ceolin <flavio.ceolin@intel.com>
---
 drivers/espi/espi_mchp_xec.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/drivers/espi/espi_mchp_xec.c b/drivers/espi/espi_mchp_xec.c
index 2474c666ced..0a7ed741c17 100644
--- a/drivers/espi/espi_mchp_xec.c
+++ b/drivers/espi/espi_mchp_xec.c
@@ -647,6 +647,11 @@ static int espi_xec_flash_write(const struct device *dev,
 
 	LOG_DBG("%s", __func__);
 
+	if (sizeof(target_mem) < pckt->len) {
+		LOG_ERR("Packet length is too big");
+		return -ENOMEM;
+	}
+
 	if (!(ESPI_FC_REGS->STS & MCHP_ESPI_FC_STS_CHAN_EN)) {
 		LOG_ERR("Flash channel is disabled");
 		return -EIO;