msm-3.18: drivers : added validation of input/output buffer sizes

author Brahmaji K <bkomma@codeaurora.org>

Tue, 13 Dec 2016 15:02:24 +0000 (20:32 +0530)

committer Gerrit - the friendly Code Review server <code-review@localhost>

Tue, 20 Dec 2016 06:25:39 +0000 (22:25 -0800)
author Brahmaji K <bkomma@codeaurora.org>
Tue, 13 Dec 2016 15:02:24 +0000 (20:32 +0530)
committer Gerrit - the friendly Code Review server <code-review@localhost>
Tue, 20 Dec 2016 06:25:39 +0000 (22:25 -0800)
diff --git a/drivers/misc/qseecom.c b/drivers/misc/qseecom.c

index 26676a5..a7b3663 100644 (file)
--- a/drivers/misc/qseecom.c
+++ b/drivers/misc/qseecom.c
@@ -80,6 +80,9 @@
  /* Encrypt/Decrypt Data Integrity Partition (DIP) for MDTP */
  #define SCM_MDTP_CIPHER_DIP            0x01
  
+/* Maximum Allowed Size (128K) of Data Integrity Partition (DIP) for MDTP */
+#define MAX_DIP                        0x20000
+
  #define RPMB_SERVICE                   0x2000
  #define SSD_SERVICE                    0x3000
  
@@ -6056,7 +6059,8 @@ static int qseecom_mdtp_cipher_dip(void __user *argp)
                 }
  
                 if (req.in_buf == NULL || req.out_buf == NULL ||
-                       req.in_buf_size == 0 || req.out_buf_size == 0 ||
+                       req.in_buf_size == 0 || req.in_buf_size > MAX_DIP ||
+                       req.out_buf_size == 0 || req.out_buf_size > MAX_DIP ||
                                 req.direction > 1) {
                                 pr_err("invalid parameters\n");
                                 ret = -EINVAL;
author	Brahmaji K <bkomma@codeaurora.org>
	Tue, 13 Dec 2016 15:02:24 +0000 (20:32 +0530)
committer	Gerrit - the friendly Code Review server <code-review@localhost>
	Tue, 20 Dec 2016 06:25:39 +0000 (22:25 -0800)