DivestOS/Patches/Linux_CVEs/CVE-2017-0608/4.4/0001.patch

50 lines
1.6 KiB
Diff
Raw Normal View History

2017-11-07 17:32:46 -05:00
From 167a094eac4383809dd703d96fb88c406dd8786b Mon Sep 17 00:00:00 2001
From: Xiaoyu Ye <benyxy@codeaurora.org>
Date: Tue, 20 Dec 2016 10:56:59 -0800
Subject: mfd: wcd9xxx: Add range checking in function wcd9xxx_init_slimslave
Range checking is added to prevent buffer overflow.
CRs-Fixed: 1098363
Change-Id: I5871a3a11ec5f5106a386bf149d7ec22605f3db8
Signed-off-by: Xiaoyu Ye <benyxy@codeaurora.org>
---
drivers/mfd/wcd9xxx-slimslave.c | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/drivers/mfd/wcd9xxx-slimslave.c b/drivers/mfd/wcd9xxx-slimslave.c
index 4bce440..1ac7b59 100644
--- a/drivers/mfd/wcd9xxx-slimslave.c
+++ b/drivers/mfd/wcd9xxx-slimslave.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2012-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2012-2017, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -62,6 +62,10 @@ int wcd9xxx_init_slimslave(struct wcd9xxx *wcd9xxx, u8 wcd9xxx_pgd_la,
goto err;
}
+ if (!rx_num || rx_num > wcd9xxx->num_rx_port) {
+ pr_err("%s: invalid rx num %d\n", __func__, rx_num);
+ return -EINVAL;
+ }
if (wcd9xxx->rx_chs) {
wcd9xxx->num_rx_port = rx_num;
for (i = 0; i < rx_num; i++) {
@@ -84,6 +88,10 @@ int wcd9xxx_init_slimslave(struct wcd9xxx *wcd9xxx, u8 wcd9xxx_pgd_la,
wcd9xxx->num_rx_port);
}
+ if (!tx_num || tx_num > wcd9xxx->num_tx_port) {
+ pr_err("%s: invalid tx num %d\n", __func__, tx_num);
+ return -EINVAL;
+ }
if (wcd9xxx->tx_chs) {
wcd9xxx->num_tx_port = tx_num;
for (i = 0; i < tx_num; i++) {
--
cgit v1.1