Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 158e9032 authored by Hardik Arya's avatar Hardik Arya
Browse files

diag: Prevent out-of-bound access while processing mask commands 



Mask commands are being processed without proper check of buffer
length, which can lead to out of bound access. The patch adds
proper check for buffer length.

Change-Id: I6eb7ad01fb86f0cd0fb32390cfedd518428a64ba
Signed-off-by: default avatarHardik Arya <harya@codeaurora.org>
parent 58bdd471

drivers/char/diag/diag_masks.c

+5 −1
Original line number Diff line number Diff line 
/* Copyright (c) 2008-2018, The Linux Foundation. All rights reserved.

/* Copyright (c) 2008-2019, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -2303,6 +2303,8 @@ int diag_process_apps_masks(unsigned char *buf, int len, int pid) 
		return -EINVAL;



	if (*buf == DIAG_CMD_LOG_CONFIG) {

		if (len < (2 * sizeof(int)))

			return -EINVAL;

		sub_cmd = *(int *)(buf + sizeof(int));

		switch (sub_cmd) {

		case DIAG_CMD_OP_LOG_DISABLE:
@@ -2320,6 +2322,8 @@ int diag_process_apps_masks(unsigned char *buf, int len, int pid) 
			break;

		}

	} else if (*buf == DIAG_CMD_MSG_CONFIG) {

		if (len < (2 * sizeof(uint8_t)))

			return -EINVAL;

		sub_cmd = *(uint8_t *)(buf + sizeof(uint8_t));

		switch (sub_cmd) {

		case DIAG_CMD_OP_GET_SSID_RANGE: