From b97feb8274eb5604f3913ecbddeab3cec82193c0 Mon Sep 17 00:00:00 2001 From: Yuanyuan Liu Date: Fri, 5 Oct 2018 15:03:13 -0700 Subject: [PATCH] icnss: NULL terminate the fw build timestamp string If fw build timestamp passed by QMI is a non-NULL terminated string, it might result in a out-of-bounds read in icnss_get_soc_info. Hence, manually NULL terminate the string. Change-Id: I252196cd12784d841b29303c42591efc59da64f1 CRs-Fixed: 2322317 Signed-off-by: Yuanyuan Liu --- drivers/soc/qcom/icnss.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/drivers/soc/qcom/icnss.c b/drivers/soc/qcom/icnss.c index 7eb7221835d4..e0fa8b7720d2 100644 --- a/drivers/soc/qcom/icnss.c +++ b/drivers/soc/qcom/icnss.c @@ -3035,6 +3035,8 @@ EXPORT_SYMBOL(icnss_disable_irq); int icnss_get_soc_info(struct device *dev, struct icnss_soc_info *info) { + char *fw_build_timestamp = NULL; + if (!penv || !dev) { icnss_pr_err("Platform driver not initialized\n"); return -EINVAL; @@ -3047,6 +3049,8 @@ int icnss_get_soc_info(struct device *dev, struct icnss_soc_info *info) info->board_id = penv->board_info.board_id; info->soc_id = penv->soc_info.soc_id; info->fw_version = penv->fw_version_info.fw_version; + fw_build_timestamp = penv->fw_version_info.fw_build_timestamp; + fw_build_timestamp[QMI_WLFW_MAX_TIMESTAMP_LEN_V01] = '\0'; strlcpy(info->fw_build_timestamp, penv->fw_version_info.fw_build_timestamp, QMI_WLFW_MAX_TIMESTAMP_LEN_V01 + 1);