
Commit 791a491e authored by Hardik Arya

diag: Prevent out-of-bound read while processing peripheral ctrl_pkt



There is a possibility of out-of-bound access while processing control
packet received from peripheral due to missing buffer length check.
The patch adds proper check to fix the same.

Change-Id: I6793a47ca21c6e0ba52863a350decb90feb81a88
Signed-off-by: Hardik Arya <harya@codeaurora.org>
parent 55cb9664
+2 −0
@@ -980,6 +980,8 @@ void diag_cntl_process_read_data(struct diagfwd_info *p_info, void *buf,

	while (read_len + header_len < len) {
		ctrl_pkt = (struct diag_ctrl_pkt_header_t *)ptr;
		if ((read_len + header_len + ctrl_pkt->len) > len)
			return;
		switch (ctrl_pkt->pkt_id) {
		case DIAG_CTRL_MSG_REG:
			process_command_registration(ptr, ctrl_pkt->len,
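Review bot: The new check `if ((read_len + header_len + ctrl_pkt->len) > len)` adds a peripheral-supplied length to the running offset before comparing, so a very large `ctrl_pkt->len` could wrap the sum and slip past the check if the operand types allow it (the types are not visible in this hunk). Since the loop condition already guarantees `read_len + header_len < len`, writing the test as `ctrl_pkt->len > len - read_len - header_len` keeps the arithmetic on the trusted side and avoids that wrap. The bare `return` also discards the rest of the buffer silently; a rate-limited error log with the offending `ctrl_pkt->len` and `len` would make malformed control packets from a peripheral visible when they occur.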