msm: adsprpc: overflow vulnerability by race condition in adsprpc driver
Create a local copy of current->comm so that the name cannot be modified
by a racing thread while it is being used.
Change-Id: Ie10f6577ed7edb9279a36039348e7a1ad25239f9
Acked-by: Nishant Chaubey <chaubey@qti.qualcomm.com>
Signed-off-by: Jeya R <jeyr@codeaurora.org>
diff --git a/drivers/char/adsprpc.c b/drivers/char/adsprpc.c
index 7eaa40d..becb445 100644
--- a/drivers/char/adsprpc.c
+++ b/drivers/char/adsprpc.c
@@ -3622,22 +3622,26 @@
{
int err = 0, buf_size = 0;
char strpid[PID_SIZE];
+ char cur_comm[TASK_COMM_LEN];
+ memcpy(cur_comm, current->comm, TASK_COMM_LEN);
+ cur_comm[TASK_COMM_LEN-1] = '\0';
fl->tgid = current->tgid;
snprintf(strpid, PID_SIZE, "%d", current->pid);
- buf_size = strlen(current->comm) + strlen("_") + strlen(strpid) + 1;
+ buf_size = strlen(cur_comm) + strlen("_") + strlen(strpid) + 1;
fl->debug_buf = kzalloc(buf_size, GFP_KERNEL);
if (!fl->debug_buf) {
err = -ENOMEM;
return err;
}
- snprintf(fl->debug_buf, UL_SIZE, "%.10s%s%d",
- current->comm, "_", current->pid);
+ snprintf(fl->debug_buf, buf_size, "%.10s%s%d",
+ cur_comm, "_", current->pid);
fl->debugfs_file = debugfs_create_file(fl->debug_buf, 0644,
debugfs_root, fl, &debugfs_fops);
if (!fl->debugfs_file)
pr_warn("Error: %s: %s: failed to create debugfs file %s\n",
- current->comm, __func__, fl->debug_buf);
+ cur_comm, __func__, fl->debug_buf);
+
return err;
}
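Review bot: The snapshot at the top of the body is taken with a bare `memcpy(cur_comm, current->comm, TASK_COMM_LEN)`, which is bounded and then explicitly terminated, so the overflow is closed, but the copy itself is still unsynchronised and can capture a half-written name if the task is renamed concurrently. The kernel helper `get_task_comm(cur_comm, current);` does the same copy with guaranteed termination (and, on kernels where it takes the task lock, a consistent name) in one line, and would replace both added statements. Separately, `buf_size` is sized from the full `strlen(cur_comm)` while the format keeps only `%.10s`, so a short comment such as `/* %.10s truncates the name; buf_size is an upper bound */` would make the intended relationship explicit. The function's signature lies outside this hunk, so callers and locking context could not be checked here.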