msm: ipc: Add check to avoid integer & buffer overflow
In IPC Router service lookup operation, add check to avoid an integer
overflow and hence a buffer overflow.
CRs-Fixed: 457402
Change-Id: Ibe949fe20aad88b15679bdc96ebc505e4395ac3b
Signed-off-by: Karthikeyan Ramasubramanian <kramasub@codeaurora.org>
diff --git a/arch/arm/mach-msm/ipc_socket.c b/arch/arm/mach-msm/ipc_socket.c
index d31af84..2cec5c5 100644
--- a/arch/arm/mach-msm/ipc_socket.c
+++ b/arch/arm/mach-msm/ipc_socket.c
@@ -400,6 +400,14 @@
if (server_arg.num_entries_in_array) {
srv_info_sz = server_arg.num_entries_in_array *
sizeof(*srv_info);
+ if ((srv_info_sz / sizeof(*srv_info)) !=
+ server_arg.num_entries_in_array) {
+ pr_err("%s: Integer Overflow %d * %d\n",
+ __func__, sizeof(*srv_info),
+ server_arg.num_entries_in_array);
+ ret = -EINVAL;
+ break;
+ }
srv_info = kmalloc(srv_info_sz, GFP_KERNEL);
if (!srv_info) {
ret = -ENOMEM;