qseecom: check invalid handle for app loaded query request
Check if the handle data type received from userspace is valid for app loaded query request to avoid the offset boundary check for qseecom_send_modfd_resp is bypassed. Change-Id: I5f3611a8f830d6904213781c5ba70cfc0ba3e2e0 Signed-off-by: Zhen Kong <zkong@codeaurora.org>
This commit is contained in:
Zhen Kong
parent
22dc337a69
commit
ccc8c4fcf6
1 changed files with 8 additions and 1 deletions
|
|
@ -1,6 +1,6 @@
|
|||
/*Qualcomm Secure Execution Environment Communicator (QSEECOM) driver
|
||||
*
|
||||
* Copyright (c) 2012-2018, The Linux Foundation. All rights reserved.
|
||||
* Copyright (c) 2012-2019, The Linux Foundation. All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License version 2 and
|
||||
|
|
@ -7281,6 +7281,13 @@ long qseecom_ioctl(struct file *file, unsigned cmd, unsigned long arg)
|
|||
break;
|
||||
}
|
||||
case QSEECOM_IOCTL_APP_LOADED_QUERY_REQ: {
|
||||
if ((data->type != QSEECOM_GENERIC) &&
|
||||
(data->type != QSEECOM_CLIENT_APP)) {
|
||||
pr_err("app loaded query req: invalid handle (%d)\n",
|
||||
data->type);
|
||||
ret = -EINVAL;
|
||||
break;
|
||||
}
|
||||
data->type = QSEECOM_CLIENT_APP;
|
||||
mutex_lock(&app_access_lock);
|
||||
atomic_inc(&data->ioctl_count);
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue