
Commit 83214431 authored by Hariprasad Dhalinarasimha

qseecom: Ensure incoming "app_name" does not corrupt the kernel stack



Printing a string that does not have a null terminated character
would lead to overflow, as the print continues until it finds a null
terminated character.
Avoid this issue by explicitly assigning a string with null termination.

Change-Id: I9528db2ba046c514d829097d08c09540588bb1a2
Signed-off-by: Hariprasad Dhalinarasimha <hnamgund@codeaurora.org>
parent 66619aa7
+2 −0
@@ -773,6 +773,7 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp)
	if (ret)
		return ret;
	req.qsee_cmd_id = QSEOS_APP_LOOKUP_COMMAND;
	load_img_req.img_name[MAX_APP_NAME_SIZE-1] = '\0';
	memcpy(req.app_name, load_img_req.img_name, MAX_APP_NAME_SIZE);

	ret = __qseecom_check_app_exists(req);
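Review bot: Forcing `load_img_req.img_name[MAX_APP_NAME_SIZE-1] = '\0';` in qseecom_load_app silently truncates a name that fills all MAX_APP_NAME_SIZE bytes, so `__qseecom_check_app_exists(req)` would look up a different name than the one the caller passed through `argp`. Consider failing the request instead, for example returning -EINVAL when `strnlen(load_img_req.img_name, MAX_APP_NAME_SIZE) == MAX_APP_NAME_SIZE`, so an unterminated name is an error rather than a shortened match. A one-line comment stating that the buffer is user-controlled and may arrive unterminated would also make the intent clear to later readers.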
@@ -2453,6 +2454,7 @@ static int qseecom_query_app_loaded(struct qseecom_dev_handle *data,
	}

	req.qsee_cmd_id = QSEOS_APP_LOOKUP_COMMAND;
	query_req.app_name[MAX_APP_NAME_SIZE-1] = '\0';
	memcpy(req.app_name, query_req.app_name, MAX_APP_NAME_SIZE);

	ret = __qseecom_check_app_exists(req);
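Review bot: In qseecom_query_app_loaded the terminator is written to the source (`query_req.app_name`) while the `memcpy` that follows is bounded by MAX_APP_NAME_SIZE rather than by the destination, so the fix only holds if `req.app_name` is at least MAX_APP_NAME_SIZE bytes, which this hunk does not show. Bounding and terminating on the destination, for example `strlcpy(req.app_name, query_req.app_name, sizeof(req.app_name));`, would tie the guarantee to the buffer that is actually printed. Since this is the same two-line pattern as in qseecom_load_app, a small shared helper would keep any other copy sites of `app_name` from missing the termination.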