DivestOS/Patches/Linux_CVEs/CVE-2016-6742/ANY/0001.patch

34 lines
1.2 KiB
Diff
Raw Normal View History

From 94f4b81da69ec72486476adb59d7c818bd4ffbd0 Mon Sep 17 00:00:00 2001
From: chengengjia <chengjia4574@gmail.com>
Date: Wed, 10 Aug 2016 17:34:43 +0800
Subject: [PATCH] input: synaptics: Add checks of user input data
Add checks of the user input count to avoid possible heap overflow
Bug: 30799828
Change-Id: I896492b18c4ace6565fb9edd5cbf51f363ce157b
Signed-off-by: chengengjia <chengjia4574@gmail.com>
Signed-off-by: Andrew Chant <achant@google.com>
---
drivers/input/touchscreen/synaptics_fw_update.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/drivers/input/touchscreen/synaptics_fw_update.c b/drivers/input/touchscreen/synaptics_fw_update.c
index 8e457ccaa5245..170a202590ad4 100644
--- a/drivers/input/touchscreen/synaptics_fw_update.c
+++ b/drivers/input/touchscreen/synaptics_fw_update.c
@@ -1736,6 +1736,13 @@ static ssize_t fwu_sysfs_store_image(struct file *data_file,
return -EAGAIN;
}
+ if (count > fwu->image_size - fwu->data_pos) {
+ dev_err(&fwu->rmi4_data->i2c_client->dev,
+ "%s: Not enough space in buffer\n",
+ __func__);
+ return -EINVAL;
+ }
+
memcpy((void *)(&fwu->ext_data_source[fwu->data_pos]),
(const void *)buf,
count);