
Commit f5ec25de authored by Chen Gong, committed by Tony Luck

pstore: fix potential logic issue in pstore read interface



1) in the calling of erst_read, the parameter of buffer size
may overflow and cause a crash

2) the return value of erst_read should be checked more strictly

Signed-off-by: Chen Gong <gong.chen@linux.intel.com>
Signed-off-by: Tony Luck <tony.luck@intel.com>
parent 06cf91b4
+8 −1
@@ -1006,7 +1006,14 @@ static ssize_t erst_reader(u64 *id, enum pstore_type_id *type,
	}
	}


	len = erst_read(record_id, &rcd->hdr, sizeof(*rcd) +
	len = erst_read(record_id, &rcd->hdr, sizeof(*rcd) +
			  erst_erange.size);
			erst_info.bufsize);
	/* The record may be cleared by others, try read next record */
	if (len == -ENOENT)
		goto skip;
	else if (len < 0) {
		rc = -1;
		goto out;
	}
	if (uuid_le_cmp(rcd->hdr.creator_id, CPER_CREATOR_PSTORE) != 0)
	if (uuid_le_cmp(rcd->hdr.creator_id, CPER_CREATOR_PSTORE) != 0)
		goto skip;
		goto skip;
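
Review bot: In the new `else if (len < 0)` branch, `rc = -1` throws away the error code that erst_read returned, and -1 reads as -EPERM to anything that treats the return value as an errno. Consider `rc = len;` so the real failure reaches the caller, unless the pstore caller depends on -1 specifically. Separately, only negative returns are rejected here: a non-negative `len` shorter than the record header would still fall through to the `uuid_le_cmp(rcd->hdr.creator_id, ...)` check, so a lower bound such as `len < sizeof(*rcd)` is worth adding if erst_read can return a short length. The allocation of `rcd` is not visible in this hunk; please confirm it is sized with `erst_info.bufsize` as well, so the length passed to erst_read matches the buffer. Minor style point: the `else` after `goto skip;` is redundant.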