
Commit 86b50f45 authored by Zhen Kong

qseecom: check invalid handle for app loaded query request



Check if the handle data type received from userspace is valid
for app loaded query request to avoid the offset boundary check
for qseecom_send_modfd_resp being bypassed.

Change-Id: I5f3611a8f830d6904213781c5ba70cfc0ba3e2e0
Signed-off-by: Zhen Kong <zkong@codeaurora.org>
parent 6b3ddc57
+7 −0
@@ -7719,6 +7719,13 @@ static long qseecom_ioctl(struct file *file,
		break;
	}
	case QSEECOM_IOCTL_APP_LOADED_QUERY_REQ: {
		if ((data->type != QSEECOM_GENERIC) &&
			(data->type != QSEECOM_CLIENT_APP)) {
			pr_err("app loaded query req: invalid handle (%d)\n",
								data->type);
			ret = -EINVAL;
			break;
		}
		data->type = QSEECOM_CLIENT_APP;
		mutex_lock(&app_access_lock);
		atomic_inc(&data->ioctl_count);
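Review bot: The new `data->type` check and the `data->type = QSEECOM_CLIENT_APP` assignment that follows it both run before `mutex_lock(&app_access_lock)`, so the validation and the write are not one atomic step. If another ioctl on the same file can modify `data->type` concurrently, the value that passed the check may not be the value that gets overwritten; consider taking the lock before the check (remembering to unlock on the `-EINVAL` path), or add a comment naming what serializes access to `data->type` here. Two smaller points: the `pr_err` is reachable directly from userspace with an arbitrary handle type, so a rate-limited variant would keep a misbehaving caller from flooding the kernel log, and a one-line comment explaining why `QSEECOM_GENERIC` and `QSEECOM_CLIENT_APP` are the only types accepted for this request would make the allowlist easier to audit against the other ioctl cases.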