DivestOS/Patches/Linux_CVEs/CVE-2014-9876/3.4/1.patch
2017-10-29 22:14:37 -04:00

31 lines
1.1 KiB
Diff

From 794cd44fe8e32a4afe31a2f9f6a4499aaa874a48 Mon Sep 17 00:00:00 2001
From: Mohit Aggarwal <maggarwa@codeaurora.org>
Date: Thu, 2 Jun 2016 18:02:29 -0700
Subject: [PATCH] diag: Fix possible underflow/overflow issues
Add check in order to fix possible integer underflow
during HDLC encoding which may lead to buffer
overflow. Also added check for packet length to
avoid buffer overflow.
Bug: 28767796
Change-Id: Ifbac719a7db73aab121cb00c2090edf1bf1094bb
Signed-off-by: Yuan Lin <yualin@google.com>
---
drivers/char/diag/diagfwd.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/diag/diagfwd.h b/drivers/char/diag/diagfwd.h
index c6e1273dc585c..9c514e629fb4c 100644
--- a/drivers/char/diag/diagfwd.h
+++ b/drivers/char/diag/diagfwd.h
@@ -20,7 +20,7 @@
#define RESET_AND_QUEUE 1
#define CHK_OVERFLOW(bufStart, start, end, length) \
- ((((bufStart) <= (start)) && ((end) - (start) >= (length))) ? 1 : 0)
+ ((((bufStart) <= (start)) && ((end) - (start) >= (length)) && ((length) > 0)) ? 1 : 0)
void diagfwd_init(void);
void diagfwd_exit(void);