DivestOS/Patches/Linux_CVEs/CVE-2017-9679/ANY/0.patch
2017-10-29 22:14:37 -04:00

46 lines
1.6 KiB
Diff

From 31f54e33d88c676bedb64127b5ae0c60d06f9518 Mon Sep 17 00:00:00 2001
From: Abir Ghosh <abirg@codeaurora.org>
Date: Tue, 11 Apr 2017 10:01:15 +0530
Subject: [PATCH] qbt1000: Terminate fingerprint TA name with null
Terminate the string, coming from userspace and containing the name
of fingerprint trusted app, with null character, to make sure kernel
memory does not leak into logs
Bug: 35644510
Change-Id: I1668a64fcb6747ce3ef3b1ee6321fa5fa4a1798a
CRs-Fixed: 2029409
Signed-off-by: Abir Ghosh <abirg@codeaurora.org>
---
drivers/soc/qcom/qbt1000.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/drivers/soc/qcom/qbt1000.c b/drivers/soc/qcom/qbt1000.c
index bd6f0e6005f31..6b3d34bc8c970 100755
--- a/drivers/soc/qcom/qbt1000.c
+++ b/drivers/soc/qcom/qbt1000.c
@@ -1,4 +1,4 @@
-/* Copyright (c) 2015-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2015-2017, The Linux Foundation. All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2 and
@@ -803,13 +803,15 @@ static long qbt1000_ioctl(struct file *file, unsigned cmd, unsigned long arg)
}
}
+ app.name[MAX_NAME_SIZE - 1] = '\0';
+
/* start the TZ app */
rc = qseecom_start_app(&drvdata->app_handle, app.name, app.size);
if (rc == 0) {
g_app_buf_size = app.size;
} else {
- dev_err(drvdata->dev, "%s: App %s failed to load\n",
- __func__, app.name);
+ dev_err(drvdata->dev, "%s: Fingerprint Trusted App failed to load\n",
+ __func__);
goto end;
}