evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

diag: Validate query dci event and log mask size properly

Browse source 
Currently there is possibility of out-of-bound read due to
incorrect validation of received dci event and log mask for
query. The patch update the validation for the same.

Change-Id: I4266eb0f69fdbfa48c5aacc17744dec83995e9e6
Signed-off-by: Hardik Arya <harya@codeaurora.org>
This commit is contained in:
Hardik Arya 2018-04-06 15:10:36 +05:30 committed by Gerrit - the friendly Code Review server
parent 502257f3e6
commit 31c280fe34
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
drivers/char/diag/diag_dci.c
View file

@ -689,7 +689,7 @@ int diag_dci_query_log_mask(struct diag_dci_client_tbl *entry,
byte_mask = 0x01 << (item_num % 8);
offset = equip_id * 514;
if (offset + byte_index > DCI_LOG_MASK_SIZE) {
if (offset + byte_index >= DCI_LOG_MASK_SIZE) {
pr_err("diag: In %s, invalid offset: %d, log_code: %d, byte_index: %d\n",
__func__, offset, log_code, byte_index);
return 0;
@ -716,7 +716,7 @@ int diag_dci_query_event_mask(struct diag_dci_client_tbl *entry,
bit_index = event_id % 8;
byte_mask = 0x1 << bit_index;
if (byte_index > DCI_EVENT_MASK_SIZE) {
if (byte_index >= DCI_EVENT_MASK_SIZE) {
pr_err("diag: In %s, invalid, event_id: %d, byte_index: %d\n",
__func__, event_id, byte_index);
return 0;