From fcd7395ffcb96a8b7d2cc5c939dc3c61a2cb5b2c Mon Sep 17 00:00:00 2001
From: Sanket Padawe
Date: Mon, 6 Jun 2016 11:21:24 -0700
Subject: [PATCH] Increase buffer size for storing /proc/cmdline to avoid buffer overflow.
Bug: 29115540
Change-Id: I875532f119aef908f7c7afbbd2224a5252c972ee
---
 rild/rild.c | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/rild/rild.c b/rild/rild.c
index a3090cd..0e0d056 100644
--- a/rild/rild.c
+++ b/rild/rild.c
@@ -207,12 +207,25 @@ int main(int argc, char **argv) {
 #define REFERENCE_RIL_PATH "libreference-ril.so"
 /* first, read /proc/cmdline into memory */
- char buffer[1024] = {'\0'}, *p, *q;
+ char buffer[2048] = {'\0'}, *p, *q;
 int len;
+ struct stat st;
 int fd = open("/proc/cmdline",O_RDONLY);
 if (fd < 0) {
- RLOGD("could not open /proc/cmdline:%s", strerror(errno));
+ RLOGE("could not open /proc/cmdline:%s", strerror(errno));
+ goto OpenLib;
+ }
+
+ if (fstat(fd, &st)) {
+ RLOGE("fstat error: %s", strerror(errno));
+ close(fd);
+ goto OpenLib;
+ }
+
+ if (st.st_size > sizeof(buffer) - 1) {
+ RLOGE("Size of /proc/cmdline exceeds buffer");
+ close(fd);
 goto OpenLib;
 }
@@ -221,7 +234,7 @@ int main(int argc, char **argv) {
 while (len == -1 && errno == EINTR);
 if (len < 0) {
- RLOGD("could not read /proc/cmdline:%s", strerror(errno));
+ RLOGE("could not read /proc/cmdline:%s", strerror(errno));
 close(fd);
 goto OpenLib;
 }
-- 
2.11.0
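Review bot: The new `st.st_size > sizeof(buffer) - 1` guard in the first hunk is unlikely to bound anything, because procfs entries such as /proc/cmdline normally report `st_size` as 0 from fstat(), so the check passes whatever the real length is. The bound that matters is on the read() itself, which sits between the two hunks and is not visible here; it should request at most `sizeof(buffer) - 1` bytes, and the result should be terminated with `buffer[len] = '\0';` before any string function touches it. The comparison also mixes signed `off_t` with unsigned `size_t`, so rejecting `st.st_size < 0` and then comparing `(size_t)st.st_size` would make the intent explicit. main() starts and ends outside this hunk, so whether later code already terminates the buffer should be confirmed against the full file.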