From 83214431cd02674c70402b160b16b7427e28737f Mon Sep 17 00:00:00 2001
|
|
From: Hariprasad Dhalinarasimha <hnamgund@codeaurora.org>
|
|
Date: Thu, 3 Oct 2013 16:52:16 -0700
|
|
Subject: qseecom: Ensure incoming "app_name" does not corrupt the kernel stack
|
|
|
|
Printing a string that does not have a null terminating character,
|
|
would lead to overflow, as the print continues until it finds a null
|
|
terminated character.
|
|
Avoid this issue by explicitly assigning a string with null termination.
|
|
|
|
Change-Id: I9528db2ba046c514d829097d08c09540588bb1a2
|
|
Signed-off-by: Hariprasad Dhalinarasimha <hnamgund@codeaurora.org>
|
|
---
|
|
drivers/misc/qseecom.c | 2 ++
|
|
1 file changed, 2 insertions(+)
|
|
|
|
diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c
|
|
index 4c1943b..7ab8089 100644
|
|
--- a/drivers/misc/qseecom.c
|
|
+++ b/drivers/misc/qseecom.c
|
|
@@ -773,6 +773,7 @@ static int qseecom_load_app(struct qseecom_dev_handle *data, void __user *argp)
|
|
if (ret)
|
|
return ret;
|
|
req.qsee_cmd_id = QSEOS_APP_LOOKUP_COMMAND;
|
|
+ load_img_req.img_name[MAX_APP_NAME_SIZE-1] = '\0';
|
|
memcpy(req.app_name, load_img_req.img_name, MAX_APP_NAME_SIZE);
|
|
|
|
ret = __qseecom_check_app_exists(req);
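Review bot: Forcing `load_img_req.img_name[MAX_APP_NAME_SIZE-1] = '\0'` silently truncates a name that fills the whole buffer, so the lookup that follows runs on a different name than the caller passed in. Rejecting the request is stricter: `if (strnlen(load_img_req.img_name, MAX_APP_NAME_SIZE) == MAX_APP_NAME_SIZE) return -EINVAL;`, assuming nothing acquired earlier in qseecom_load_app needs releasing at that point (the function starts and ends outside the hunk). The same applies to `query_req.app_name` in the qseecom_query_app_loaded hunk. Either way, a one-line comment such as `/* img_name presumably arrives from userspace via argp and may lack a NUL */` would record why the line exists.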
|
|
@@ -2453,6 +2454,7 @@ static int qseecom_query_app_loaded(struct qseecom_dev_handle *data,
|
|
}
|
|
|
|
req.qsee_cmd_id = QSEOS_APP_LOOKUP_COMMAND;
|
|
+ query_req.app_name[MAX_APP_NAME_SIZE-1] = '\0';
|
|
memcpy(req.app_name, query_req.app_name, MAX_APP_NAME_SIZE);
|
|
|
|
ret = __qseecom_check_app_exists(req);
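Review bot: The index `MAX_APP_NAME_SIZE-1` is only correct if `query_req.app_name` is declared with exactly MAX_APP_NAME_SIZE bytes, which this hunk does not show. Writing `query_req.app_name[sizeof(query_req.app_name) - 1] = '\0';` keeps the store tied to the declaration if the struct ever changes. The memcpy that follows has the same coupling between `req.app_name` and the source array, and the `img_name` line in the qseecom_load_app hunk would take the same change. qseecom_query_app_loaded starts and ends outside the hunk.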
|
|
--
|
|
cgit v1.1
|
|
|