diag: Update msg mask's ranges properlyLA.UM.7.8.r1-05000-SDM710.0

There is a possibility of out-of-bound read if msg mask ranges received from peripheral are more than max ssid per range. Cap msg mask's ssid ranges to MAX_SSID_PER_RANGE if ranges received from peripheral are greater than the same. Change-Id: I886692ad223e16678bfaecbe381c62fdf3503cb5 Signed-off-by: Hardik Arya <harya@codeaurora.org>
author: Hardik Arya <harya@codeaurora.org> 2018-08-08 14:46:20 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> 2019-03-19 04:03:48 -0700
commit: b9253984d10712c73db19c7313879c3b4570493d (patch)
tree: 3bf7703750293b5f36b82c639324e1a62b4e24ed
parent: ba3a24f7633641a071cb1c4cda2c24fb723c9404 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/drivers/char/diag/diagfwd_cntl.c b/drivers/char/diag/diagfwd_cntl.c
index a6d5ca8a952a..7a7d0fc27d05 100644
--- a/drivers/char/diag/diagfwd_cntl.c
+++ b/drivers/char/diag/diagfwd_cntl.c
@@ -619,7 +619,12 @@ static int update_msg_mask_tbl_entry(struct diag_msg_mask_t *mask,
 	}
 	if (range->ssid_last >= mask->ssid_last) {
 		temp_range = range->ssid_last - mask->ssid_first + 1;
-		mask->ssid_last = range->ssid_last;
+		if (temp_range > MAX_SSID_PER_RANGE) {
+			temp_range = MAX_SSID_PER_RANGE;
+			mask->ssid_last = mask->ssid_first + temp_range - 1;
+		} else
+			mask->ssid_last = range->ssid_last;
+		mask->ssid_last_tools = mask->ssid_last;
 		mask->range = temp_range;
 	}
author	Hardik Arya <harya@codeaurora.org>	2018-08-08 14:46:20 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	2019-03-19 04:03:48 -0700
commit	b9253984d10712c73db19c7313879c3b4570493d (patch)
tree	3bf7703750293b5f36b82c639324e1a62b4e24ed
parent	ba3a24f7633641a071cb1c4cda2c24fb723c9404 (diff)