Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 5d749d0bbe811c10d9048cde6dfebc761713abfd
commit5d749d0bbe811c10d9048cde6dfebc761713abfd[log] [tgz]
authorGwendal Grignou <gwendal@chromium.org>Tue Mar 08 09:13:52 2016 -0800
committerOlof Johansson <olof@lixom.net>Wed May 11 11:55:47 2016 -0700
tree7f8497b6fa3125c0f7256dab097a73fbdc34bc58
parent492ef7829d2d09428803bffb187d5781bbc12ca5 [diff]
platform/chrome: cros_ec_dev - Fix security issue

Prevent memory scribble by checking that ioctl buffer size parameters
are sane.
Without this check, on 32 bits system, if .insize = 0xffffffff - 20 and
.outsize the amount to scribble, we would overflow, allocate a small
amounts and be able to write outside of the malloc'ed area.
Adding a hard limit allows argument checking of the ioctl. With the
current EC, it is expected .insize and .outsize to be at around 512 bytes
or less.

Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
3 files changed
tree: 7f8497b6fa3125c0f7256dab097a73fbdc34bc58
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .get_maintainer.ignore
  24. .gitignore
  25. .mailmap
  26. COPYING
  27. CREDITS
  28. Kbuild
  29. Kconfig
  30. MAINTAINERS
  31. Makefile
  32. README
  33. REPORTING-BUGS