Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 9c05ed84 authored by jitendrathakare's avatar jitendrathakare
Browse files

qseecom: check invalid handle for app loaded query request 



Check if the handle data type received from userspace is valid
for app loaded query request to avoid the offset boundary check
for qseecom_send_modfd_resp is bypassed.

Change-Id: I5e75a285c90a6718bbea1ace123d8aed9482ca4d
Signed-off-by: default avatarjitendra thakare <jitendrathakare@codeaurora.org>
parent ae3e9e8c

drivers/misc/qseecom.c

+8 −1
Original line number Diff line number Diff line 
/*Qualcomm Secure Execution Environment Communicator (QSEECOM) driver

 *

 * Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.

 * Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.

 *

 * This program is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License version 2 and
@@ -7281,6 +7281,13 @@ long qseecom_ioctl(struct file *file, unsigned cmd, unsigned long arg) 
		break;

	}

	case QSEECOM_IOCTL_APP_LOADED_QUERY_REQ: {

		 if ((data->type != QSEECOM_GENERIC) &&

			(data->type != QSEECOM_CLIENT_APP)) {

			pr_err("app loaded query req: invalid handle (%d)\n",

						data->type);

			ret = -EINVAL;

			break;

		}

		data->type = QSEECOM_CLIENT_APP;

		mutex_lock(&app_access_lock);

		atomic_inc(&data->ioctl_count);