FROMLIST: msm: IPA: add the check on intf query (6e0f6edf) · Commits · Bryan O'Donoghue / Kernel

Commit 6e0f6edf authored 8 years ago by Skylar Chang Committed by Nick Desaulniers 8 years ago

FROMLIST: msm: IPA: add the check on intf query


The ipa_ioc_query_intf_rx_props structure comes
from the ioctl handler, and it is verified that
the size of rx buffer does not exceed the
IPA_NUM_PROPS_MAX elements. It is also verified
that the "entry->rx" buffer does not exceed
IPA_NUM_PROPS_MAX when "entry" is allocated.
However, the sizes of the buffer "rx->rx" and
the buffer "entry->rx" are not guaranteed to
be the same and will lead memory corruption
issue. The fix is to add the check before
memcpy.

Bug: 34026243
Bug: 35048450
Bug: 35047780
Bug: 35047217
Change-Id: Idf5c2d32f47c1a1cffeaa5607193855188893ddb
Signed-off-by: Skylar Chang <chiaweic@codeaurora.org>
Signed-off-by: Steve Pfetsch <spfetsch@google.com>
(am from https://source.codeaurora.org/quic/la/kernel/
msm-3.18/commit/?id=cf0d31bc)

parent f8037c1f

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 24 additions and 0 deletions

Please register or to comment