Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 1240d01e authored by Trishansh Bhardwaj's avatar Trishansh Bhardwaj Committed by Gerrit - the friendly Code Review server
Browse files

msm: camera: Prevent buffer overread in write_logsync. 



If userspace issues write with string of length 21 or more then
there is a chance that kernel will overread lbuf array.
This change makes sure that lbuf is NULL terminated.

Change-Id: I9ad6d5a607b2ff1f293512be9746ee554b076b10
Signed-off-by: default avatarTrishansh Bhardwaj <tbhardwa@codeaurora.org>
parent 55cc722e

drivers/media/platform/msm/camera_v2/msm.c

+1 −1
Original line number Diff line number Diff line
@@ -1288,7 +1288,7 @@ static ssize_t write_logsync(struct file *file, const char __user *buf, 
	uint64_t seq_num = 0;

	int ret;



	if (copy_from_user(lbuf, buf, sizeof(lbuf)))

	if (copy_from_user(lbuf, buf, sizeof(lbuf) - 1))

		return -EFAULT;



	ret = sscanf(lbuf, "%llu", &seq_num);