Commit 677362c9 authored Aug 30, 2019 by Zhen Kong Committed by Gerrit - the friendly Code Review server Aug 30, 2019

qseecom: check invalid handle for app loaded query request



Check if the handle data type received from userspace is valid
for app loaded query request to avoid the offset boundary check
for qseecom_send_modfd_resp is bypassed.

Change-Id: I5f3611a8f830d6904213781c5ba70cfc0ba3e2e0
Signed-off-by: Zhen Kong <zkong@codeaurora.org>

parent 550ad451

drivers/misc/qseecom.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -7534,6 +7534,13 @@ static long qseecom_ioctl(struct file *file,
		break;
		}
		case QSEECOM_IOCTL_APP_LOADED_QUERY_REQ: {
		if ((data->type != QSEECOM_GENERIC) &&
		(data->type != QSEECOM_CLIENT_APP)) {
		pr_err("app loaded query req: invalid handle (%d)\n",
		data->type);
		ret = -EINVAL;
		break;
		}
		data->type = QSEECOM_CLIENT_APP;
		mutex_lock(&app_access_lock);
		atomic_inc(&data->ioctl_count);