Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit da225058 authored by David Dai's avatar David Dai Committed by Gerrit - the friendly Code Review server
Browse files

msm: msm_bus: limit max chars read by sscanf 



Current bus_floor_vote_store_api does not limit/check
the size of the string in input, allowing stack overflow.
Specify the max number of characters read allowable to
the size of destination buffer.

CRs-Fixed: 1050455
Change-Id: Ia9227480be6ea4f3ade71f5675f95a3efd9fcf99
Signed-off-by: default avatarDavid Dai <daidavid1@codeaurora.org>
parent 70be28c9

drivers/soc/qcom/msm_bus/msm_bus_dbg_voter.c

+2 −2
Original line number Diff line number Diff line 
/* Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.

/* Copyright (c) 2014-2017, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -133,7 +133,7 @@ static ssize_t bus_floor_vote_store_api(struct device *dev, 
		return 0;

	}



	if (sscanf(buf, "%s %llu", name, &vote_khz) != 2) {

	if (sscanf(buf, "%9s %llu", name, &vote_khz) != 2) {

		pr_err("%s:return error", __func__);

		return -EINVAL;

	}