DivestOS/Patches/Linux_CVEs/CVE-2016-3893/ANY/0.patch

38 lines
1.4 KiB
Diff
Raw Normal View History

From a7a6ddc91cce7ad5ad55c9709b24bfc80f5ac873 Mon Sep 17 00:00:00 2001
From: Patrick Daly <pdaly@codeaurora.org>
Date: Thu, 28 May 2015 18:32:49 -0700
Subject: ASoC: wcd9xxx: Fix unprotected userspace access
Protect against memory faults while accessing userspace addresses.
Change-Id: I1433bac73d24d428749558e530e6869c2e5ee98f
Signed-off-by: Patrick Daly <pdaly@codeaurora.org>
---
sound/soc/codecs/wcdcal-hwdep.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/sound/soc/codecs/wcdcal-hwdep.c b/sound/soc/codecs/wcdcal-hwdep.c
index 5013bee..954620a 100644
--- a/sound/soc/codecs/wcdcal-hwdep.c
+++ b/sound/soc/codecs/wcdcal-hwdep.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2014, The Linux Foundation. All rights reserved.
+ * Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -82,7 +82,8 @@ static int wcdcal_hwdep_ioctl_shared(struct snd_hwdep *hw,
return -EFAULT;
}
data = fw[fw_user.cal_type]->data;
- memcpy(data, fw_user.buffer, fw_user.size);
+ if (copy_from_user(data, fw_user.buffer, fw_user.size))
+ return -EFAULT;
fw[fw_user.cal_type]->size = fw_user.size;
mutex_lock(&fw_data->lock);
set_bit(WCDCAL_RECIEVED, &fw_data->wcdcal_state[fw_user.cal_type]);
--
cgit v1.1