diff options
author | Hardik Arya <harya@codeaurora.org> | 2018-08-08 14:46:20 +0530 |
---|---|---|
committer | Gerrit - the friendly Code Review server <code-review@localhost> | 2019-03-19 04:03:48 -0700 |
commit | b9253984d10712c73db19c7313879c3b4570493d (patch) | |
tree | 3bf7703750293b5f36b82c639324e1a62b4e24ed | |
parent | ba3a24f7633641a071cb1c4cda2c24fb723c9404 (diff) |
diag: Update msg mask's ranges properlyLA.UM.7.8.r1-05000-SDM710.0
There is a possibility of out-of-bound read if msg mask
ranges received from peripheral are more than max ssid per
range. Cap msg mask's ssid ranges to MAX_SSID_PER_RANGE if
ranges received from peripheral are greater than the same.
Change-Id: I886692ad223e16678bfaecbe381c62fdf3503cb5
Signed-off-by: Hardik Arya <harya@codeaurora.org>
-rw-r--r-- | drivers/char/diag/diagfwd_cntl.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/char/diag/diagfwd_cntl.c b/drivers/char/diag/diagfwd_cntl.c index a6d5ca8a952a..7a7d0fc27d05 100644 --- a/drivers/char/diag/diagfwd_cntl.c +++ b/drivers/char/diag/diagfwd_cntl.c @@ -619,7 +619,12 @@ static int update_msg_mask_tbl_entry(struct diag_msg_mask_t *mask, } if (range->ssid_last >= mask->ssid_last) { temp_range = range->ssid_last - mask->ssid_first + 1; - mask->ssid_last = range->ssid_last; + if (temp_range > MAX_SSID_PER_RANGE) { + temp_range = MAX_SSID_PER_RANGE; + mask->ssid_last = mask->ssid_first + temp_range - 1; + } else + mask->ssid_last = range->ssid_last; + mask->ssid_last_tools = mask->ssid_last; mask->range = temp_range; } |