mirror of
https://github.com/Divested-Mobile/DivestOS-Build.git
synced 2024-09-18 15:25:58 +00:00
40 lines
1.5 KiB
Diff
40 lines
1.5 KiB
Diff
From 069683407ca9a820d05c914b57c587bcd3f16a3a Mon Sep 17 00:00:00 2001
|
|
From: David Dai <daidavid1@codeaurora.org>
|
|
Date: Fri, 5 Aug 2016 15:14:25 -0700
|
|
Subject: msm: msm_bus: limit max chars read by sscanf
|
|
|
|
Current bus_floor_vote_store_api does not limit/check
|
|
the size of the string in input, allowing stack overflow.
|
|
Specify the max number of characters read allowable to
|
|
the size of destination buffer.
|
|
|
|
CRs-Fixed: 1050455
|
|
Change-Id: Ia9227480be6ea4f3ade71f5675f95a3efd9fcf99
|
|
Signed-off-by: David Dai <daidavid1@codeaurora.org>
|
|
---
|
|
drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c | 4 ++--
|
|
1 file changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c b/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c
|
|
index e4c8f1f..a876484 100644
|
|
--- a/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c
|
|
+++ b/drivers/platform/msm/msm_bus/msm_bus_dbg_voter.c
|
|
@@ -1,4 +1,4 @@
|
|
-/* Copyright (c) 2014-2015, The Linux Foundation. All rights reserved.
|
|
+/* Copyright (c) 2014-2016, The Linux Foundation. All rights reserved.
|
|
*
|
|
* This program is Mree software; you can redistribute it and/or modify
|
|
* it under the terms of the GNU General Public License version 2 and
|
|
@@ -133,7 +133,7 @@ static ssize_t bus_floor_vote_store_api(struct device *dev,
|
|
return 0;
|
|
}
|
|
|
|
- if (sscanf(buf, "%s %llu", name, &vote_khz) != 2) {
|
|
+ if (sscanf(buf, "%9s %llu", name, &vote_khz) != 2) {
|
|
pr_err("%s:return error", __func__);
|
|
return -EINVAL;
|
|
}
|
|
--
|
|
cgit v1.1
|
|
|