drivers: media: broadcast: Fix security vulnerability issue
Information leak issue is reported in mpq_sdmx_log_level_write function. Added check to validate count is not zero and initialize the string. Change-Id: Ieb2ed88c2d7d778c56be2ec3b9875270a9c74dce Signed-off-by: Udaya Bhaskara Reddy Mallavarapu <udaym@codeaurora.org>
This commit is contained in:
Udaya Bhaskara Reddy Mallavarapu
parent
d727a95d2e
commit
bbacde467c
1 changed files with 6 additions and 2 deletions
|
|
@ -523,13 +523,17 @@ static ssize_t mpq_sdmx_log_level_write(struct file *fp,
|
|||
int level;
|
||||
struct mpq_demux *mpq_demux = fp->private_data;
|
||||
|
||||
if (count >= 16)
|
||||
if (count == 0 || count >= 16)
|
||||
return -EINVAL;
|
||||
|
||||
ret_count = simple_write_to_buffer(user_str, 16, position, user_buffer,
|
||||
memset(user_str, '\0', sizeof(user_str));
|
||||
|
||||
ret_count = simple_write_to_buffer(user_str, 15, position, user_buffer,
|
||||
count);
|
||||
if (ret_count < 0)
|
||||
return ret_count;
|
||||
else if (ret_count == 0)
|
||||
return -EINVAL;
|
||||
|
||||
ret = kstrtoint(user_str, 0, &level);
|
||||
if (ret)
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue