evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

drivers: media: broadcast: Fix security vulnerability issue

Browse source 
Information leak issue is reported in mpq_sdmx_log_level_write
function. Added check to validate count is not zero and initialize
the string.

Change-Id: Ieb2ed88c2d7d778c56be2ec3b9875270a9c74dce
Signed-off-by: Udaya Bhaskara Reddy Mallavarapu <udaym@codeaurora.org>
This commit is contained in:
Udaya Bhaskara Reddy Mallavarapu 2017-09-05 12:01:41 +05:30
parent d727a95d2e
commit bbacde467c
1 changed files with 6 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
drivers/media/platform/msm/dvb/demux/mpq_dmx_plugin_common.c
View file

@ -523,13 +523,17 @@ static ssize_t mpq_sdmx_log_level_write(struct file *fp,
int level; int level;
struct mpq_demux *mpq_demux = fp->private_data; struct mpq_demux *mpq_demux = fp->private_data;
if (count >= 16) if (count == 0 || count >= 16)
return -EINVAL; return -EINVAL;
ret_count = simple_write_to_buffer(user_str, 16, position, user_buffer, memset(user_str, '\0', sizeof(user_str));
ret_count = simple_write_to_buffer(user_str, 15, position, user_buffer,
count); count);
if (ret_count < 0) if (ret_count < 0)
return ret_count; return ret_count;
else if (ret_count == 0)
return -EINVAL;
ret = kstrtoint(user_str, 0, &level); ret = kstrtoint(user_str, 0, &level);
if (ret) if (ret)