]> git.baikalelectronics.ru Git - kernel.git/commit
platform/chrome: cros_ec_dev - Fix security issue
authorGwendal Grignou <gwendal@chromium.org>
Tue, 8 Mar 2016 17:13:52 +0000 (09:13 -0800)
committerOlof Johansson <olof@lixom.net>
Wed, 11 May 2016 18:55:47 +0000 (11:55 -0700)
commit5d749d0bbe811c10d9048cde6dfebc761713abfd
tree7f8497b6fa3125c0f7256dab097a73fbdc34bc58
parent492ef7829d2d09428803bffb187d5781bbc12ca5
platform/chrome: cros_ec_dev - Fix security issue

Prevent memory scribble by checking that ioctl buffer size parameters
are sane.
Without this check, on 32 bits system, if .insize = 0xffffffff - 20 and
.outsize the amount to scribble, we would overflow, allocate a small
amounts and be able to write outside of the malloc'ed area.
Adding a hard limit allows argument checking of the ioctl. With the
current EC, it is expected .insize and .outsize to be at around 512 bytes
or less.

Signed-off-by: Gwendal Grignou <gwendal@chromium.org>
Signed-off-by: Olof Johansson <olof@lixom.net>
drivers/platform/chrome/cros_ec_dev.c
drivers/platform/chrome/cros_ec_proto.c
include/linux/mfd/cros_ec.h