evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

msm-3.18: drivers : added validation of input/output buffer sizes

Browse source 
This change fixes issues reagrding the ioctl
QSEECOM_IOCTL_MDTP_CIPHER_DIP_REQ uncovered by fuzzy tests.
Modified handler of above ioctl, not to allow input/output
buffer sizes greater than a fixed defined size.

Change-Id: I69f94a29d939341564f6f3ebfda48fceaa934542
Signed-off-by: Brahmaji K <bkomma@codeaurora.org>
This commit is contained in:
Brahmaji K 2016-12-13 20:32:24 +05:30 committed by Gerrit - the friendly Code Review server
parent eac971fc26
commit 6b7232dc91
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
drivers/misc/qseecom.c
View file

@ -80,6 +80,9 @@
/* Encrypt/Decrypt Data Integrity Partition (DIP) for MDTP */
#define SCM_MDTP_CIPHER_DIP 0x01
/* Maximum Allowed Size (128K) of Data Integrity Partition (DIP) for MDTP */
#define MAX_DIP 0x20000
#define RPMB_SERVICE 0x2000
#define SSD_SERVICE 0x3000
@ -6056,7 +6059,8 @@ static int qseecom_mdtp_cipher_dip(void __user *argp)
}
if (req.in_buf == NULL || req.out_buf == NULL ||
req.in_buf_size == 0 || req.out_buf_size == 0 ||
req.in_buf_size == 0 || req.in_buf_size > MAX_DIP ||
req.out_buf_size == 0 || req.out_buf_size > MAX_DIP ||
req.direction > 1) {
pr_err("invalid parameters\n");
ret = -EINVAL;