Skip to content
Snippets Groups Projects
Commit a10eb89a authored by Manu Gautam's avatar Manu Gautam Committed by Carol_Jiang
Browse files

anthias: security: patch for CVE-2016-2502


usb: f_serial: Check for SMD data length in GSER_IOCTL

If user tries to send SMD data more than the driver
buffer can handle then fail the same and print
error message. This smd_write is exposed to userspace
through ioctl using a misc device.

Change-Id: Ie8a1c1c0799cd10cef512ad6b1e1e95001dd43b2
Signed-off-by: default avatarManu Gautam <mgautam@codeaurora.org>
Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/240759


Reviewed-by: default avatarSteven Syu <steven_syu@asus.com>
Tested-by: default avatarSteven Syu <steven_syu@asus.com>
Tested-by: default avatarCarol_Jiang <carol_jiang@asus.com>
Reviewed-by: default avatarCarol_Jiang <carol_jiang@asus.com>
parent 9c444c88
No related merge requests found
......@@ -1358,6 +1358,13 @@ static long gser_ioctl(struct file *fp, unsigned cmd, unsigned long arg)
smd_port_num =
gserial_ports[gser->port_num].client_port_num;
if (smd_write_arg.size > GSERIAL_BUF_LEN) {
pr_err("%s: Invalid size:%u, max: %u", __func__,
smd_write_arg.size, GSERIAL_BUF_LEN);
ret = -EINVAL;
break;
}
pr_debug("%s: Copying %d bytes from user buffer to local\n",
__func__, smd_write_arg.size);
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment